Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Winning Web Scanning Firm Gets DDOSed
NTObjectives finds that its newfound fame has its price
2 Min Read
6:06 PM -- Remember that Web application security scanning report that stirred so much debate last week? Well, NTObjectives, the company whose relatively unknown NTOSpider scanner swept IBM/Watchfire’s AppScan and HP/SPI Dynamics’ WebInspect in the report, has been hammered by several distributed denial-of-service (DDOS) attacks ever since the report started spreading around the blogosphere.
The attackers have used revolving IP addresses, according to NTObjectives's CEO JD Glaser, so it's been difficult for ISPs to block the sources of the attacks. Glaser says he doesn't know who's behind the attacks, but assumes it's just hackers trying to prove themselves. "Hopefully, it'll die down in a week or so," he says.
Glaser says the attacks have rendered the site inaccessible at times, but there's been no evidence that its servers have been compromised. So far, NTObjectives has been tuning its Web server and bringing a load-balancing solution online, according to Dan Kuykendall, director of engineering and information technologies for the company. "There's not a ton we can do with having a firewall block this kind of thing without risk of blocking legitimate users," he says.
Meanwhile, the Web app security scanner report written by independent consultant Larry Suto, was an attempt to quantify how well these tools actually perform. It measured the number of links the scanners crawled, the coverage of applications they test, number of vulnerabilities they found, and the number of false positives they generated.
According to Suto's results, NTOSpider basically kicked butt in all of the categories: AppScan missed 88 percent of the legitimate vulnerabilites found by NTOSpider, and WebInspect missed 95 percent of them. NTOSpider also came out with a 0 percent false positive rate, while AppScan had a 16 percent rate, and WebInspect, a 52 percent rate, according to the report.
Not surprisingly, the report drew both kudos and criticism over what features are most meaningful to measure, etc.
— Kelly Jackson Higgins, Senior Editor, Dark Reading
IBM Corp. (NYSE: IBM)
Hewlett-Packard Co. (NYSE: HPQ)
About the Author(s)
You May Also Like
More Insights
Webinars
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Events
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024
