Rapid7, the Boston-based IT security firm, has announced the purchase of application security specialist NT OBJECTives (NTO) of Irvine, California. Terms of the deal were not disclosed.

NTOSpider will now be Rapid7's AppSpider
NTOSpider will now be Rapid7’s AppSpider – Thinkstock

Rapid7, with a primary focus on security data and analytics software, said it plans to incorporate NTO’s application security testing product – NTOSpider – into its own threat exposure management portfolio. NTOSpider is a security testing product that analyzes organizations’ applications for security vulnerabilities. Rapid7 will rebrand the product as AppSpider, which it said will be available immediately to customers.

“Web application security represents one of the greatest challenges facing the security industry and businesses of all sizes,” commented Dan Kuykendall, co-CEO and CTO for NTO, in a press statement.

“With millions of custom web applications developed in the last two decades, organizations have significantly increased their attack surface”, he said, adding that NTO has “spent the last 13 years creating an application testing technology capable of addressing this issue.”

Available as software or cloud-based, the enhanced AppSpider will integrate with Rapid7’s analytics and penetration testing capabilities and provide the following:

  • “Universal translator” technology that enables security teams to analyze complex applications, including rich Internet applications (AJAX, GWT) and web services (REST, JSON).
  • Customized attacks: A dynamic analysis tool conducts a thorough analysis and interprets what the application is expecting so it can create intelligent, customized attacks.
  • Scanning automation
  • Live vulnerability reports and attack replay
  • Continuous site monitoring: identifies changes in application ecosystems that may inadvertently introduce new vulnerabilities.
  • Integration with protection technologies: Automatically generates Web Application Firewall (WAF) custom rules that help to protect vulnerable applications while vulnerabilities are being remediated. Supports most leading WAF/IPFs, including F5, Sourcefire, and Imperva.

 According to a press statement from Rapid7, the new AppSpider will provide “the ability to assess risk in assets and applications in their environments” and will combine this with analytics to identify actions that can be taken to address the highest-risk areas. “This approach enables users to make decisions based on business context and threat validation through automated attack simulation,” the company added.

“To truly manage and reduce threats, organizations require solutions that collect and analyze data across modern business infrastructure, including users, mobile assets, cloud data stores, and web applications,” said Corey Thomas, president and CEO at Rapid7. “NTO’s web application scanning technology will play an important role in Rapid7’s IT Security Data and Analytics platform and help organizations across the globe meet this challenge.”

NT OBJECTives is number 400 on the Cybersecurity 500 list of the hottest infosec firms to watch – a quarterly inventory compiled by research firm Cybersecurity Ventures. Rapid7, considered a candidate to go public, ranks 98th on the same list.