|By PR Newswire||
|December 5, 2012 07:01 AM EST||
IRVINE, Calif., Dec. 5, 2012 /PRNewswire/ -- NT OBJECTives, a provider of the most automated, comprehensive and accurate web application security software, services and SaaS, today announced the release of a new webcast featuring Forrester Research titled, "Mobile Application Security: What You Need to Know." With guest presenter Chenxi Wang, Ph.D., Vice President and Principal Analyst at Forrester Research, Inc. and Dan Kuykendall, co-CEO and CTO of NT OBJECTives, the webcast reveals why and how vulnerabilities in mobile applications, especially custom applications using new rich programming formats, are being overlooked and leading cybercriminals straight to the backend servers where critical data is housed. The presentation includes new research and practical guidance to protect enterprises from this emerging and largely unaddressed threat in the mobile application security space. The mobile application market is currently a $6 billion market today with expected growth to more than $55 billion by the year 20151.
In an informal study of more than 500 clients, Forrester found that nearly 50 percent have built custom mobile applications or are about to build them demonstrating how active enterprise mobility is today. Along with this growth is also the increasing number of exploitations of application-programming interfaces (APIs) associated with custom applications. It is within these APIs that attackers are able to reach backend servers, where critical and sensitive information is housed.
"API communication can be exploited and this is something not every developer really understands. There is a client application that is installed specifically by the user, and this application talks to the server side which is not like a traditional browser application as any browser can come to a web application," states Wang on the webcast. "So developers think that because there is a native application, they are sort of shielded from somebody that could get in the middle of the client/server communication. That is a misconception, it's simply not true. Someone can get in the middle and attack a backend server application."
Kuykendall and Wang both emphasize that with proper and effective testing, issues such as API security flaws, along with authentication weaknesses, protocol level bugs and load processing bugs can be discovered and remediated. Additionally, SSL and basic application authentication should not be relied on to protect against attacks.
"The evolution of new mobile APIs such as JSON, SOAP and REST have created exciting new ways for enterprises to engage their customers like never before," says Dan Kuykendall co-CEO and CTO of NT OBJECTives. "Let's face it though, this has created a new path to the pot of gold that cybercriminals are after, with the backend server now being the endgame. If IT departments and developers aren't effectively testing their mobile applications, they are really missing the mark. We must evolve our security practices to stay in step and make sure these applications are secure."
Other topics addressed in the webcast include device and enterprise market trends, how mobile applications are exploited, how to properly test mobile applications, common mobile application attack vectors and common mobile hacking tools.
"If I may leave you with one message," Wang goes on to say on the webcast, "You should review your code, test and review, test and review, and test again, and in every sprint that is what you need to do."
The full webcast can be accessed at http://www.ntobjectives.com/go/webcast-mobile-application-security/
Individuals interested in learning more about web application technologies are invited to access NTO's most recent whitepaper, "The Widening Web Application Security Scanner Coverage Gap in RIA, Mobile and Web Services: Is Your Scanner like the Emperor's New Clothes?" a research report that identifies nine common underlying web application technologies in mobile applications, Rich Internet Applications (RIA) and web services being overlooked by today's scanners with practical guidance on how to improve security efficiency and effectiveness with each.
The white paper was released in conjunction with the company's NTOSpider6 beta, a new dynamic application security testing (DAST) solution that includes a proprietary Universal Translator technology that can automatically crawl, detect and attack vulnerabilities that exist in modern mobile applications. NTO invites security researches and security professionals who want to stay current against modern applications to participate in the NTOSpider 6 beta program. For more information or to register for beta program participation visit http://www.ntobjectives.com/security-software/ntospider-trial-download-request/
1Forrester Research, Inc., February 2012 "Mobile is the new face of engagement"
About NT OBJECTives
NT OBJECTives (NTO) is a provider of most automated, comprehensive and accurate web application security software, services and SaaS. NTO has been dedicated to solving the most difficult application security challenges for over 10 years. NTO's software, SaaS and services solutions are designed to help organizations build the most comprehensive, efficient, accurate web application security program. NT OBJECTIVES is privately held with headquarters in Irvine, CA. For more information visit www.ntobjectives.com or follow us on Twitter @ntobjectives or @dan_kuykendall.
SOURCE NT OBJECTives
Much of the value of DevOps comes from a (renewed) focus on measurement, sharing, and continuous feedback loops. In increasingly complex DevOps workflows and environments, and especially in larger, regulated, or more crystallized organizations, these core concepts become even more critical. In his session at @DevOpsSummit at 18th Cloud Expo, Andi Mann, Chief Technology Advocate at Splunk, showed how, by focusing on 'metrics that matter,' you can provide objective, transparent, and meaningful f...
Sep. 26, 2016 10:15 AM EDT Reads: 2,274
Big Data has been changing the world. IoT fuels the further transformation recently. How are Big Data and IoT related? In his session at @BigDataExpo, Tony Shan, a renowned visionary and thought leader, will explore the interplay of Big Data and IoT. He will anatomize Big Data and IoT separately in terms of what, which, why, where, when, who, how and how much. He will then analyze the relationship between IoT and Big Data, specifically the drilldown of how the 4Vs of Big Data (Volume, Variety,...
Sep. 26, 2016 10:00 AM EDT Reads: 996
SYS-CON Events announced today that Bsquare has been named “Silver Sponsor” of SYS-CON's @ThingsExpo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. For more than two decades, Bsquare has helped its customers extract business value from a broad array of physical assets by making them intelligent, connecting them, and using the data they generate to optimize business processes.
Sep. 26, 2016 10:00 AM EDT Reads: 2,671
SYS-CON Events announced today that ReadyTalk, a leading provider of online conferencing and webinar services, has been named Vendor Presentation Sponsor at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. ReadyTalk delivers audio and web conferencing services that inspire collaboration and enable the Future of Work for today’s increasingly digital and mobile workforce. By combining intuitive, innovative tec...
Sep. 26, 2016 10:00 AM EDT Reads: 2,719
Cognitive Computing is becoming the foundation for a new generation of solutions that have the potential to transform business. Unlike traditional approaches to building solutions, a cognitive computing approach allows the data to help determine the way applications are designed. This contrasts with conventional software development that begins with defining logic based on the current way a business operates. In her session at 18th Cloud Expo, Judith S. Hurwitz, President and CEO of Hurwitz & ...
Sep. 26, 2016 09:45 AM EDT Reads: 2,803
Kubernetes is a new and revolutionary open-sourced system for managing containers across multiple hosts in a cluster. Ansible is a simple IT automation tool for just about any requirement for reproducible environments. In his session at @DevOpsSummit at 18th Cloud Expo, Patrick Galbraith, a principal engineer at HPE, discussed how to build a fully functional Kubernetes cluster on a number of virtual machines or bare-metal hosts. Also included will be a brief demonstration of running a Galera M...
Sep. 26, 2016 09:15 AM EDT Reads: 2,726
In his session at @DevOpsSummit at 19th Cloud Expo, Robert Doyle, lead architect at eCube Systems, will examine the issues and need for an agile infrastructure and show the advantages of capturing developer knowledge in an exportable file for migration into production. He will introduce the use of NXTmonitor, a next-generation DevOps tool that captures application environments, dependencies and start/stop procedures in a portable configuration file with an easy-to-use GUI. In addition to captu...
Sep. 26, 2016 09:00 AM EDT Reads: 1,063
WebRTC adoption has generated a wave of creative uses of communications and collaboration through websites, sales apps, customer care and business applications. As WebRTC has become more mainstream it has evolved to use cases beyond the original peer-to-peer case, which has led to a repeating requirement for interoperability with existing infrastructures. In his session at @ThingsExpo, Graham Holt, Executive Vice President of Daitan Group, will cover implementation examples that have enabled ea...
Sep. 26, 2016 09:00 AM EDT Reads: 1,523
SYS-CON Events announced today that Tintri Inc., a leading producer of VM-aware storage (VAS) for virtualization and cloud environments, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Tintri VM-aware storage is the simplest for virtualized applications and cloud. Organizations including GE, Toyota, United Healthcare, NASA and 6 of the Fortune 15 have said “No to LUNs.” With Tintri they mana...
Sep. 26, 2016 08:30 AM EDT Reads: 2,552
SYS-CON Events announced today that Interface Masters Technologies, a leader in Network Visibility and Uptime Solutions, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Interface Masters Technologies is a leading vendor in the network monitoring and high speed networking markets. Based in the heart of Silicon Valley, Interface Masters' expertise lies in Gigabit, 10 Gigabit and 40 Gigabit Eth...
Sep. 26, 2016 08:30 AM EDT Reads: 2,468
Vidyo, Inc., has joined the Alliance for Open Media. The Alliance for Open Media is a non-profit organization working to define and develop media technologies that address the need for an open standard for video compression and delivery over the web. As a member of the Alliance, Vidyo will collaborate with industry leaders in pursuit of an open and royalty-free AOMedia Video codec, AV1. Vidyo’s contributions to the organization will bring to bear its long history of expertise in codec technolo...
Sep. 26, 2016 08:15 AM EDT Reads: 2,450
SYS-CON Events announced today that Commvault, a global leader in enterprise data protection and information management, has been named “Bronze Sponsor” of SYS-CON's 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Commvault is a leading provider of data protection and information management solutions, helping companies worldwide activate their data to drive more value and business insight and to transform moder...
Sep. 26, 2016 08:15 AM EDT Reads: 2,545
The vision of a connected smart home is becoming reality with the application of integrated wireless technologies in devices and appliances. The use of standardized and TCP/IP networked wireless technologies in line-powered and battery operated sensors and controls has led to the adoption of radios in the 2.4GHz band, including Wi-Fi, BT/BLE and 802.15.4 applied ZigBee and Thread. This is driving the need for robust wireless coexistence for multiple radios to ensure throughput performance and th...
Sep. 26, 2016 08:15 AM EDT Reads: 1,541
An IoT product’s log files speak volumes about what’s happening with your products in the field, pinpointing current and potential issues, and enabling you to predict failures and save millions of dollars in inventory. But until recently, no one knew how to listen. In his session at @ThingsExpo, Dan Gettens, Chief Research Officer at OnProcess, will discuss recent research by Massachusetts Institute of Technology and OnProcess Technology, where MIT created a new, breakthrough analytics model f...
Sep. 26, 2016 07:15 AM EDT Reads: 1,897
If you’re responsible for an application that depends on the data or functionality of various IoT endpoints – either sensors or devices – your brand reputation depends on the security, reliability, and compliance of its many integrated parts. If your application fails to deliver the expected business results, your customers and partners won't care if that failure stems from the code you developed or from a component that you integrated. What can you do to ensure that the endpoints work as expect...
Sep. 26, 2016 07:15 AM EDT Reads: 1,601