Tag Archives: Securing web services


Mobile application security testing – fast and easy!

Mobile-App-SecMobile application security testing: Four words that, for many security professionals, elicit a nagging feeling that comes from knowing the challenge is imminent if not already present, yet very difficult to tackle.

We at NT OBJECTives understand, and we’ve got your back. Our newest service offering is designed to help busy security teams easily and thoroughly test mobile applications – without intensive training or resource drain.

NTOMobile On-Demand gives NTOSpider customers everything they need to quickly security test mobile applications, including mobile client native code and back-end web services. No need to choose between testing the source code, testing the services or pen testing the mobile app. NTOMobile On-Demand does it all with a comprehensive software solution combined with expert pen testing.

Comprehensive mobile application testing requires both static and dynamic analysis, so we’ve packaged them together, along with expert pen testing, to deliver comprehensive mobile application security testing. By leveraging the power of NTOSpider’s dynamic application security testing capabilities, NTOMobile On-Demand effectively and automatically tests the web services that power mobile back ends and that leverage new technologies like REST, JSON and SOAP. You won’t find another web application security testing solution that delivers better coverage of your custom web service implementations.

Mobile application security testing is a challenge for security teams that don’t have the time or resources to invest in effective training and tools. NTOMobile On-Demand enables security teams to conduct comprehensive mobile application security testing – and obtain the peace of mind that comes from doing what needs to be done.

Is your scanner like the emperor's new clothes?

New Report: SQL Injection vulns are hidden in web services (learn how to find them)

In this new report, The Widening Web Application Security Scanner Coverage Gap in RIA, Mobile and Web Services: Is Your Scanner like the Emperor’s New Clothes?, Dan Kuykendall and Matthew Cohen of NT OBJECTives cover the nine new technologies most overlooked by automated scanners. These technologies are hiding common vulnerabilities like SQL Injection. This report details each technology: what they are, why it is hard for automated scanners to find vulnerabilities in them and what you can do about it.

Read this report to learn how to secure these technologies:

  • AJAX
  • AMF – Flash remoting
  • Google Web Toolkit (GWT)
  • JSON
  • REST
  • XSRF/CSRF Tokens
  • Web services that power mobile applications

Download this research paper now to get all the facts and start finding & remediating vulnerabilities in these technologies!