Customer Patching For Web App Vulnerabilities

NT OBJECTives has announced NTODefend, software that lets enterprise security teams create "perfect-fit" custom rules to patch Web Application Firewalls (WAF) or Intrusion Prevention Systems (IPS) against web application vulnerabilities discovered in automated scans carried out by its NTOSpider product.

The company says that security teams are discovering application vulnerabilities, but in the time it takes for a security team to notify the development team that a code fix is needed, a site can be defaced, taken down, or have customer data stolen. For this reason, says NT OBJECTives, organizations need to rely on WAFs to protect their web applications while developers are fixing the code, when third-party code cannot be accessed, or when the code is simply outdated.

"With NTODefend, enterprise security teams now have the ability to customize and train their WAFs/IPSs to be optimally effective at protecting applications in production, while eliminating the difficulties, costs, and risks associated with traditional manual methods of training these technologies," said Dan Kuykendall, co-CEO and CTO of NT OBJECTives. "The various application security vendors must continue to work together to deliver innovation that helps organizations protect applications already in production more effectively."

The problem here is that very few enterprise security teams actually have time to properly train their WAFs to provide the necessary protection, leaving applications and enterprises vulnerable to an ever-changing landscape of threats. Additionally, as has been the case with IPS deployment, enterprises are concerned that active defensive devices will block good traffic. While WAF and IPS devices include standard rules designed to block vulnerabilities, they lack specific knowledge of the applications that they are supposed to protect. As such, the packaged rules are one-size-fits-all and are less effective than rules that are designed to work specifically for that application.
