Linda Musthaler's CIO-level look at the latest networking technologies and their benefits and pitfalls.
Chances are your security team has devoted a lot of thought, effort and money to security issues in the past year or two. You've plugged holes in the operating systems. You've done virus and spyware scanning. You've implemented security on the network and at the perimeter. But have you given consideration to your Web applications, which could allow a hacker entry into your network via a Web browser? Such applications could prove to be the weakest link.
For most organizations, Web applications drive the usefulness of the Internet. Whether for internal or external use, interactive Web apps allow us to collect and exchange information that drives business. We need these applications, yet poorly designed apps can put the organization at risk.
This is the hole that NT OBJECTives (NTO) intends to fill. NTO has developed technology to help identify programmatic vulnerabilities, as well as to advise you on how to reduce your risks.
NTOSpider (http://www.ntobjectives.com/products/ntospider.php) is a Web application vulnerability scanner that assesses your network in a completely automated fashion. It generates graphical reports that identify application vulnerabilities and exposure risks, and ranks the priority of threats. NTOSpider also can perform an advanced analysis of your site structure, content and configuration to identify inherent exposure to future or emerging threats.
This "application threat modeling" analysis looks at the common attack points and yields a list of vulnerabilities that need to be fixed. The program assumes that a developer has limited knowledge about application security and provides step-by-step instructions for remediation of the problem areas.
Now I'm not a Web application developer and I don't pretend to speak their language. That's why I recommend that developers look at the NTOSpider data sheet (http://www.ntobjectives.com/datasheets/NTOSpiderDatasheet.pdf) to determine its usefulness for themselves. However, I can see the immense benefits of using a tool like NTOSpider, if for no other reason than to verify that applications have no vulnerabilities that are leaving the back door open to attack.
Beyond the assessment tools, NTO also offers consulting services and developer training and education by security experts, including Mike Shema, a man considered to be one of the foremost experts in the area of Web application security. He is highly regarded for his books "The Anti-Hacker Toolkit," a collection of tools and techniques for security administrators to secure and defend enterprise networks, as well as "Hacking Exposed: Web Applications" and "Hack Notes: Web Application Security."
Linda Musthaler is a principal analyst with Essential Solutions Corporation.