Rapid7 acquires NT OBJECTives

Rapid7 has acquired NT OBJECTives (NTO), the web and mobile application security testing company, expanding Rapid7’s Threat Exposure Management offering to further meet the needs of modern business infrastructures. NTO’s application security testing solution – trusted by many Fortune 500 companies – analyzes web applications for security vulnerabilities and maximizes organizations’ ability to effectively reduce IT security risk. Rapid7 is offering this technology under the name Rapid7 AppSpider, available immediately to customers. 

  • 9 years ago Posted in

The addition of the AppSpider suite to Rapid7’s Threat Exposure Management solutions provides information security teams with the ability to assess risk in assets and applications in their environments. This is combined with analytics to identify the most impactful actions that can reduce IT security risk. This approach enables users to make decisions based on business context and threat validation through automated attack simulation.

Protecting web applications has never been more important. The 2015 Verizon Data Breach Investigations Report highlights that web application attacks remain the most frequent incident pattern in confirmed breaches and accounted for up to 35% of breaches in some industries. It’s also estimated that nearly 50% of those incidents take months or longer to discover.

“To truly manage and reduce threats, organizations require solutions that collect and analyze data across modern business infrastructure, including users, mobile assets, cloud data stores, and web applications,” said Corey Thomas, president and CEO at Rapid7. “NTO’s web application scanning technology will play an important role in Rapid7’s IT Security Data and Analytics platform and help organizations across the globe meet this challenge. The NTO team shares Rapid7’s commitment to innovation and quality products, and we’ve already had great success in bringing the teams together.”

Core Capabilities of Rapid7 AppSpider

The Rapid7 AppSpider suite includes all the capabilities previously offered by NTO with comprehensive dynamic application security testing and scalable enterprise scanning program management, delivered as software or in the cloud.
Universal Translator: The solution’s unique “Universal Translator” technology enables security teams to analyze even the most complex applications, including rich Internet applications (AJAX, GWT) and web services (REST, JSON), to provide greater visibility of risks.
Customized Attacks: The dynamic analysis tool conducts a thorough analysis and interprets what the application is expecting so it can create intelligent, customized attacks. This delivers more accurate results and enables teams to automatically test complex business workflows, like shopping carts, which were previously untestable.
Scanning Automation: Security teams can save time and resources since nearly every step of the application security assessment process has been automated.
Live Vulnerability Reports and Attack Replay: Some other solutions provide reams of cumbersome, static, PDF reports. AppSpider provides interactive actionable reports with greater organization and links for deeper analysis. Within reports, users can replay vulnerabilities in real-time to confirm vulnerabilities are exploitable and then remediated.
Continuous Site Monitoring: AppSpider identifies changes in application ecosystems, which may inadvertently introduce new vulnerabilities. It then triggers a re-scan according to configurable settings.
Integration with Protection Technologies: AppSpider will automatically generate Web Application Firewall (WAF) custom rules that help to protect vulnerable applications while the vulnerabilities are being remediated. AppSpider supports most leading WAF/IPFs, including F5, Sourcefire, and Imperva.


“Web application security represents one of the greatest challenges facing the security industry and businesses of all sizes. With millions of custom web applications developed in the last two decades, organizations have significantly increased their attack surface,” said Dan Kuykendall, co-CEO and CTO at NTO. “We’ve spent the last 13 years creating an application testing technology capable of addressing this issue. By joining with Rapid7, we’ll be able to provide innovative solutions for Threat Exposure Management and help companies stay ahead of web-based attacks. We’re excited to join a team as passionate as we are about improving the practice of security for organizations globally.”  

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...