We are excited to announce a host of enhancements to NTOSpider that will further assist you in testing more of your applications in less time. Our mission is and has always been to create the most automated and accurate assessment possible even on the most modern applications. And, in this release, we further expand NTOSpider’s ability to effectively test modern web and mobile applications.
The following are some of the highlights of NTOSpider 6.4:
- Web service authentication to further automate testing of web services and mobile applications.
- Automatic update tool to enable users to automatically download new versions of NTOSpider.
- Crawler improvements to further expand coverage of Web 2.0 applications and improved performance on very large sites.
- Added and improved attack modules to include additional vulnerabilities in automated coverage, including Shellshock or BASH Bug.
- Improved UI features including user defined attack policies and macro debugging.
New and Enhanced Features
- Web Service Authentication – Expanded ability to test web services with the ability to handle the authentication and session management solutions used by many web services. Including: comprehensive OAuth, HMAC, integrated NONCE support and user defined solutions.
- Enhanced performance – Performance improvements include increased scan speed and reduced memory consumption especially for very large sites.
- Auto-updater – NTOSpider finally has a configurable automatic update mechanism that enables users to choose between three options that give the user flexibility and control over upgrades.
- User Defined Attack Policy – Simplifies selections of attacks.
- Macro debugger – UI feature to help user replay and debug MACRO recordings.
- Attack modules – The following attack modules have been added or improved.
- Shellshock (aka The BASH Bug)
- CORS (Cross-Origin Resource Sharing)
- XPath Injections
- LDAP Injection
- XML External Entity
- Server Side Include (SSI) Injection
- Expression Language Injection
- ASP.NET ViewState Validation
For complete details review the release notes.
For more information or to request a free trial of NTOSpider visit: www.ntobjectives.com/security-software/ntospider-application-security-scanner/