
NT OBJECTives Releases New Webcast Featuring Independent Research Firm, "Mobile Application Security: What You Need to Know"

Time for the Industry to Watch Its "Backend" as Server Side Attacks Make Their Way through Untested, Unreviewed Mobile Applications

IRVINE, Calif., Dec. 5, 2012 /PRNewswire/ -- NT OBJECTives, a provider of the most automated, comprehensive and accurate web application security software, services and SaaS, today announced the release of a new webcast featuring Forrester Research titled "Mobile Application Security: What You Need to Know." With guest presenter Chenxi Wang, Ph.D., Vice President and Principal Analyst at Forrester Research, Inc., and Dan Kuykendall, co-CEO and CTO of NT OBJECTives, the webcast reveals why and how vulnerabilities in mobile applications, especially custom applications using new rich programming formats, are being overlooked and leading cybercriminals straight to the backend servers where critical data is housed. The presentation includes new research and practical guidance to protect enterprises from this emerging and largely unaddressed threat in the mobile application security space. The mobile application market is currently a $6 billion market, with expected growth to more than $55 billion by the year 2015 [1].


In an informal study of more than 500 clients, Forrester found that nearly 50 percent have built custom mobile applications or are about to build them, demonstrating how active enterprise mobility is today. Along with this growth comes an increasing number of exploitations of the application programming interfaces (APIs) associated with custom applications. It is through these APIs that attackers are able to reach backend servers, where critical and sensitive information is housed.

"API communication can be exploited and this is something not every developer really understands. There is a client application that is installed specifically by the user, and this application talks to the server side which is not like a traditional browser application as any browser can come to a web application," states Wang on the webcast. "So developers think that because there is a native application, they are sort of shielded from somebody that could get in the middle of the client/server communication. That is a misconception, it's simply not true.  Someone can get in the middle and attack a backend server application."

Kuykendall and Wang both emphasize that with proper and effective testing, issues such as API security flaws, along with authentication weaknesses, protocol level bugs and load processing bugs, can be discovered and remediated. Additionally, SSL and basic application authentication should not be relied on to protect against attacks.

"The evolution of new mobile APIs such as JSON, SOAP and REST have created exciting new ways for enterprises to engage their customers like never before," says Dan Kuykendall, co-CEO and CTO of NT OBJECTives. "Let's face it though, this has created a new path to the pot of gold that cybercriminals are after, with the backend server now being the endgame. If IT departments and developers aren't effectively testing their mobile applications, they are really missing the mark. We must evolve our security practices to stay in step and make sure these applications are secure."

Other topics addressed in the webcast include device and enterprise market trends, how mobile applications are exploited, how to properly test mobile applications, common mobile application attack vectors and common mobile hacking tools.

"If I may leave you with one message," Wang goes on to say on the webcast, "You should review your code, test and review, test and review, and test again, and in every sprint that is what you need to do."

The full webcast can be accessed at

Individuals interested in learning more about web application technologies are invited to access NTO's most recent whitepaper, "The Widening Web Application Security Scanner Coverage Gap in RIA, Mobile and Web Services: Is Your Scanner like the Emperor's New Clothes?" a research report that identifies nine common underlying web application technologies in mobile applications, Rich Internet Applications (RIA) and web services being overlooked by today's scanners with practical guidance on how to improve security efficiency and effectiveness with each.

The white paper was released in conjunction with the company's NTOSpider6 beta, a new dynamic application security testing (DAST) solution that includes a proprietary Universal Translator technology that can automatically crawl, detect and attack vulnerabilities that exist in modern mobile applications. NTO invites security researchers and security professionals who want to stay current against modern applications to participate in the NTOSpider 6 beta program. For more information or to register for beta program participation visit

[1] Forrester Research, Inc., February 2012, "Mobile is the new face of engagement"

About NT OBJECTives
NT OBJECTives (NTO) is a provider of the most automated, comprehensive and accurate web application security software, services and SaaS. NTO has been dedicated to solving the most difficult application security challenges for over 10 years. NTO's software, SaaS and services solutions are designed to help organizations build the most comprehensive, efficient, accurate web application security program. NT OBJECTives is privately held with headquarters in Irvine, CA. For more information visit or follow us on Twitter @ntobjectives or @dan_kuykendall.

