IRVINE, Calif., Dec. 5, 2012 /PRNewswire/ -- NT OBJECTives, a provider of the most automated, comprehensive and accurate web application security software, services and SaaS, today announced the release of a new webcast featuring Forrester Research titled "Mobile Application Security: What You Need to Know." With guest presenter Chenxi Wang, Ph.D., Vice President and Principal Analyst at Forrester Research, Inc., and Dan Kuykendall, co-CEO and CTO of NT OBJECTives, the webcast reveals why and how vulnerabilities in mobile applications, especially custom applications using new rich programming formats, are being overlooked and leading cybercriminals straight to the backend servers where critical data is housed. The presentation includes new research and practical guidance to protect enterprises from this emerging and largely unaddressed threat in the mobile application security space. The mobile application market is currently a $6 billion market, with expected growth to more than $55 billion by the year 2015¹.
In an informal study of more than 500 clients, Forrester found that nearly 50 percent have built custom mobile applications or are about to build them, demonstrating how active enterprise mobility is today. Along with this growth comes an increasing number of exploitations of the application programming interfaces (APIs) associated with custom applications. It is through these APIs that attackers are able to reach backend servers, where critical and sensitive information is housed.
"API communication can be exploited and this is something not every developer really understands. There is a client application that is installed specifically by the user, and this application talks to the server side which is not like a traditional browser application as any browser can come to a web application," states Wang on the webcast. "So developers think that because there is a native application, they are sort of shielded from somebody that could get in the middle of the client/server communication. That is a misconception, it's simply not true. Someone can get in the middle and attack a backend server application."
Kuykendall and Wang both emphasize that with proper and effective testing, issues such as API security flaws, along with authentication weaknesses, protocol level bugs and load processing bugs can be discovered and remediated. Additionally, SSL and basic application authentication should not be relied on to protect against attacks.
"The evolution of new mobile APIs such as JSON, SOAP and REST has created exciting new ways for enterprises to engage their customers like never before," says Dan Kuykendall, co-CEO and CTO of NT OBJECTives. "Let's face it though, this has created a new path to the pot of gold that cybercriminals are after, with the backend server now being the endgame. If IT departments and developers aren't effectively testing their mobile applications, they are really missing the mark. We must evolve our security practices to stay in step and make sure these applications are secure."
Other topics addressed in the webcast include device and enterprise market trends, how mobile applications are exploited, how to properly test mobile applications, common mobile application attack vectors and common mobile hacking tools.
"If I may leave you with one message," Wang goes on to say on the webcast, "You should review your code, test and review, test and review, and test again, and in every sprint that is what you need to do."
The full webcast can be accessed at http://www.ntobjectives.com/go/webcast-mobile-application-security/
Individuals interested in learning more about web application technologies are invited to access NTO's most recent whitepaper, "The Widening Web Application Security Scanner Coverage Gap in RIA, Mobile and Web Services: Is Your Scanner like the Emperor's New Clothes?" a research report that identifies nine common underlying web application technologies in mobile applications, Rich Internet Applications (RIA) and web services being overlooked by today's scanners with practical guidance on how to improve security efficiency and effectiveness with each.
The white paper was released in conjunction with the company's NTOSpider 6 beta, a new dynamic application security testing (DAST) solution that includes a proprietary Universal Translator technology that can automatically crawl, detect and attack vulnerabilities that exist in modern mobile applications. NTO invites security researchers and security professionals who want to stay current against modern applications to participate in the NTOSpider 6 beta program. For more information or to register for beta program participation, visit http://www.ntobjectives.com/security-software/ntospider-trial-download-request/
¹ Forrester Research, Inc., February 2012, "Mobile is the new face of engagement"
About NT OBJECTives
NT OBJECTives (NTO) is a provider of the most automated, comprehensive and accurate web application security software, services and SaaS. NTO has been dedicated to solving the most difficult application security challenges for over 10 years. NTO's software, SaaS and services solutions are designed to help organizations build the most comprehensive, efficient, accurate web application security program. NT OBJECTives is privately held with headquarters in Irvine, CA. For more information, visit www.ntobjectives.com or follow us on Twitter @ntobjectives or @dan_kuykendall.
SOURCE NT OBJECTives