Rapid7 acquires NT OBJECTives

The addition of the AppSpider suite to Rapid7’s Threat Exposure Management solutions provides information security teams with the ability to assess risk in assets and applications in their environments. This is combined with analytics to identify the most impactful actions that can reduce IT security risk. This approach enables users to make decisions based on business context and threat validation through automated attack simulation.

Protecting web applications has never been more important. The 2015 Verizon Data Breach Investigations Report highlights that web application attacks remain the most frequent incident pattern in confirmed breaches and accounted for up to 35% of breaches in some industries. It’s also estimated that nearly 50% of those incidents take months or longer to discover.

“To truly manage and reduce threats, organizations require solutions that collect and analyze data across modern business infrastructure, including users, mobile assets, cloud data stores, and web applications,” said Corey Thomas, president and CEO at Rapid7. “NTO’s web application scanning technology will play an important role in Rapid7’s IT Security Data and Analytics platform and help organizations across the globe meet this challenge. The NTO team shares Rapid7’s commitment to innovation and quality products, and we’ve already had great success in bringing the teams together.”

Core Capabilities of Rapid7 AppSpider

The Rapid7 AppSpider suite includes all the capabilities previously offered by NTO with comprehensive dynamic application security testing and scalable enterprise scanning program management, delivered as software or in the cloud.
Universal Translator: The solution’s unique “Universal Translator” technology enables security teams to analyze even the most complex applications, including rich Internet applications (AJAX, GWT) and web services (REST, JSON), to provide greater visibility of risks.
Customized Attacks: The dynamic analysis tool conducts a thorough analysis and interprets what the application is expecting so it can create intelligent, customized attacks. This delivers more accurate results and enables teams to automatically test complex business workflows, like shopping carts, which were previously untestable.
Scanning Automation: Security teams can save time and resources since nearly every step of the application security assessment process has been automated.
Live Vulnerability Reports and Attack Replay: Some other solutions provide reams of cumbersome, static, PDF reports. AppSpider provides interactive actionable reports with greater organization and links for deeper analysis. Within reports, users can replay vulnerabilities in real-time to confirm vulnerabilities are exploitable and then remediated.
Continuous Site Monitoring: AppSpider identifies changes in application ecosystems, which may inadvertently introduce new vulnerabilities. It then triggers a re-scan according to configurable settings.
Integration with Protection Technologies: AppSpider will automatically generate Web Application Firewall (WAF) custom rules that help to protect vulnerable applications while the vulnerabilities are being remediated. AppSpider supports most leading WAF/IPFs, including F5, Sourcefire, and Imperva.


“Web application security represents one of the greatest challenges facing the security industry and businesses of all sizes. With millions of custom web applications developed in the last two decades, organizations have significantly increased their attack surface,” said Dan Kuykendall, co-CEO and CTO at NTO. “We’ve spent the last 13 years creating an application testing technology capable of addressing this issue. By joining with Rapid7, we’ll be able to provide innovative solutions for Threat Exposure Management and help companies stay ahead of web-based attacks. We’re excited to join a team as passionate as we are about improving the practice of security for organizations globally.”