|By PR Newswire||
|December 5, 2012 07:01 AM EST||
IRVINE, Calif., Dec. 5, 2012 /PRNewswire/ -- NT OBJECTives, a provider of the most automated, comprehensive and accurate web application security software, services and SaaS, today announced the release of a new webcast featuring Forrester Research titled, "Mobile Application Security: What You Need to Know." With guest presenter Chenxi Wang, Ph.D., Vice President and Principal Analyst at Forrester Research, Inc. and Dan Kuykendall, co-CEO and CTO of NT OBJECTives, the webcast reveals why and how vulnerabilities in mobile applications, especially custom applications using new rich programming formats, are being overlooked and leading cybercriminals straight to the backend servers where critical data is housed. The presentation includes new research and practical guidance to protect enterprises from this emerging and largely unaddressed threat in the mobile application security space. The mobile application market is currently a $6 billion market today with expected growth to more than $55 billion by the year 20151.
In an informal study of more than 500 clients, Forrester found that nearly 50 percent have built custom mobile applications or are about to build them demonstrating how active enterprise mobility is today. Along with this growth is also the increasing number of exploitations of application-programming interfaces (APIs) associated with custom applications. It is within these APIs that attackers are able to reach backend servers, where critical and sensitive information is housed.
"API communication can be exploited and this is something not every developer really understands. There is a client application that is installed specifically by the user, and this application talks to the server side which is not like a traditional browser application as any browser can come to a web application," states Wang on the webcast. "So developers think that because there is a native application, they are sort of shielded from somebody that could get in the middle of the client/server communication. That is a misconception, it's simply not true. Someone can get in the middle and attack a backend server application."
Kuykendall and Wang both emphasize that with proper and effective testing, issues such as API security flaws, along with authentication weaknesses, protocol level bugs and load processing bugs can be discovered and remediated. Additionally, SSL and basic application authentication should not be relied on to protect against attacks.
"The evolution of new mobile APIs such as JSON, SOAP and REST have created exciting new ways for enterprises to engage their customers like never before," says Dan Kuykendall co-CEO and CTO of NT OBJECTives. "Let's face it though, this has created a new path to the pot of gold that cybercriminals are after, with the backend server now being the endgame. If IT departments and developers aren't effectively testing their mobile applications, they are really missing the mark. We must evolve our security practices to stay in step and make sure these applications are secure."
Other topics addressed in the webcast include device and enterprise market trends, how mobile applications are exploited, how to properly test mobile applications, common mobile application attack vectors and common mobile hacking tools.
"If I may leave you with one message," Wang goes on to say on the webcast, "You should review your code, test and review, test and review, and test again, and in every sprint that is what you need to do."
The full webcast can be accessed at http://www.ntobjectives.com/go/webcast-mobile-application-security/
Individuals interested in learning more about web application technologies are invited to access NTO's most recent whitepaper, "The Widening Web Application Security Scanner Coverage Gap in RIA, Mobile and Web Services: Is Your Scanner like the Emperor's New Clothes?" a research report that identifies nine common underlying web application technologies in mobile applications, Rich Internet Applications (RIA) and web services being overlooked by today's scanners with practical guidance on how to improve security efficiency and effectiveness with each.
The white paper was released in conjunction with the company's NTOSpider6 beta, a new dynamic application security testing (DAST) solution that includes a proprietary Universal Translator technology that can automatically crawl, detect and attack vulnerabilities that exist in modern mobile applications. NTO invites security researches and security professionals who want to stay current against modern applications to participate in the NTOSpider 6 beta program. For more information or to register for beta program participation visit http://www.ntobjectives.com/security-software/ntospider-trial-download-request/
1Forrester Research, Inc., February 2012 "Mobile is the new face of engagement"
About NT OBJECTives
NT OBJECTives (NTO) is a provider of most automated, comprehensive and accurate web application security software, services and SaaS. NTO has been dedicated to solving the most difficult application security challenges for over 10 years. NTO's software, SaaS and services solutions are designed to help organizations build the most comprehensive, efficient, accurate web application security program. NT OBJECTIVES is privately held with headquarters in Irvine, CA. For more information visit www.ntobjectives.com or follow us on Twitter @ntobjectives or @dan_kuykendall.
SOURCE NT OBJECTives
Manufacturing connected IoT versions of traditional products requires more than multiple deep technology skills. It also requires a shift in mindset, to realize that connected, sensor-enabled “things” act more like services than what we usually think of as products. In his session at @ThingsExpo, David Friedman, CEO and co-founder of Ayla Networks, will discuss how when sensors start generating detailed real-world data about products and how they’re being used, smart manufacturers can use the ...
Sep. 5, 2015 03:00 AM EDT
To support developers and operations professionals in their push to implement DevOps principles for their infrastructure environments, ProfitBricks, a provider of cloud infrastructure, is adding support for DevOps tools Ansible and Chef. Ansible is a platform for configuring and managing data center infrastructure that combines multi-node software deployment, ad hoc task execution, and configuration management, and is used by DevOps professionals as they use its playbooks functionality to autom...
Sep. 5, 2015 03:00 AM EDT Reads: 147
Skeuomorphism usually means retaining existing design cues in something new that doesn’t actually need them. However, the concept of skeuomorphism can be thought of as relating more broadly to applying existing patterns to new technologies that, in fact, cry out for new approaches. In his session at DevOps Summit, Gordon Haff, Senior Cloud Strategy Marketing and Evangelism Manager at Red Hat, discussed why containers should be paired with new architectural practices such as microservices rathe...
Sep. 5, 2015 02:00 AM EDT Reads: 460
SYS-CON Events announced today that HPM Networks will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. For 20 years, HPM Networks has been integrating technology solutions that solve complex business challenges. HPM Networks has designed solutions for both SMB and enterprise customers throughout the San Francisco Bay Area.
Sep. 5, 2015 01:30 AM EDT Reads: 995
Puppet Labs has announced the next major update to its flagship product: Puppet Enterprise 2015.2. This release includes new features providing DevOps teams with clarity, simplicity and additional management capabilities, including an all-new user interface, an interactive graph for visualizing infrastructure code, a new unified agent and broader infrastructure support.
Sep. 5, 2015 01:15 AM EDT Reads: 611
All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to the Internet by 2020. This number will continue to grow at a rapid pace for the next several decades. With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo, November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Learn what is going on, contribute to the discussions, and e...
Sep. 5, 2015 01:00 AM EDT Reads: 254
SYS-CON Events announced today that Pythian, a global IT services company specializing in helping companies leverage disruptive technologies to optimize revenue-generating systems, has been named “Bronze Sponsor” of SYS-CON's 17th Cloud Expo, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Founded in 1997, Pythian is a global IT services company that helps companies compete by adopting disruptive technologies such as cloud, Big Data, advance...
Sep. 5, 2015 01:00 AM EDT Reads: 412
SYS-CON Events announced today that G2G3 will exhibit at SYS-CON's @DevOpsSummit Silicon Valley, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Based on a collective appreciation for user experience, design, and technology, G2G3 is uniquely qualified and motivated to redefine how organizations and people engage in an increasingly digital world.
Sep. 4, 2015 11:00 PM EDT Reads: 581
In their Live Hack” presentation at 17th Cloud Expo, Stephen Coty and Paul Fletcher, Chief Security Evangelists at Alert Logic, will provide the audience with a chance to see a live demonstration of the common tools cyber attackers use to attack cloud and traditional IT systems. This “Live Hack” uses open source attack tools that are free and available for download by anybody. Attendees will learn where to find and how to operate these tools for the purpose of testing their own IT infrastructu...
Sep. 4, 2015 09:30 PM EDT Reads: 544
DevOps Summit, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development...
Sep. 4, 2015 07:00 PM EDT Reads: 1,670
Too often with compelling new technologies market participants become overly enamored with that attractiveness of the technology and neglect underlying business drivers. This tendency, what some call the “newest shiny object syndrome,” is understandable given that virtually all of us are heavily engaged in technology. But it is also mistaken. Without concrete business cases driving its deployment, IoT, like many other technologies before it, will fade into obscurity.
Sep. 4, 2015 06:45 PM EDT Reads: 458
Whether you like it or not, DevOps is on track for a remarkable alliance with security. The SEC didn’t approve the merger. And your boss hasn’t heard anything about it. Yet, this unruly triumvirate will soon dominate and deliver DevSecOps faster, cheaper, better, and on an unprecedented scale. In his session at DevOps Summit, Frank Bunger, VP of Customer Success at ScriptRock, will discuss how this cathartic moment will propel the DevOps movement from such stuff as dreams are made on to a prac...
Sep. 4, 2015 06:00 PM EDT Reads: 283
SYS-CON Events announced today that DataClear Inc. will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. The DataClear ‘BlackBox’ is the only solution that moves your PC, browsing and data out of the United States and away from prying (and spying) eyes. Its solution automatically builds you a clean, on-demand, virus free, new virtual cloud based PC outside of the United States, and wipes it clean...
Sep. 4, 2015 05:30 PM EDT Reads: 510
With the proliferation of connected devices underpinning new Internet of Things systems, Brandon Schulz, Director of Luxoft IoT – Retail, will be looking at the transformation of the retail customer experience in brick and mortar stores in his session at @ThingsExpo. Questions he will address include: Will beacons drop to the wayside like QR codes, or be a proximity-based profit driver? How will the customer experience change in stores of all types when everything can be instrumented and a...
Sep. 4, 2015 04:15 PM EDT Reads: 535
Contrary to mainstream media attention, the multiple possibilities of how consumer IoT will transform our everyday lives aren’t the only angle of this headline-gaining trend. There’s a huge opportunity for “industrial IoT” and “Smart Cities” to impact the world in the same capacity – especially during critical situations. For example, a community water dam that needs to release water can leverage embedded critical communications logic to alert the appropriate individuals, on the right device, as...
Sep. 4, 2015 04:00 PM EDT Reads: 101