NT OBJECTives (NTO), based in Orange County, California, brings together an innovative collection of top experts in information security and software engineering to develop and provide a comprehensive suite of industry-leading technologies and services to solve the application security challenges of today's global organizations. NTO has created the industry leading, automated technology capable of performing comprehensive and accurate Web Application security scanning solutions. Its next-generation technology, coupled with continued innovation puts NTO in a leadership role in this area of expertise. Company History The NTO team has substantial experience in the security community. NTO's engineering team was part of the core development team that created Foundscan, the first next generation vulnerability scanner while at Foundstone. In the summer of 2002, a few of the core product team at Foundstone left to pursue common interests in developing the first enterprise solution truly capable of addressing the emerging application security threats. The NTO Culture Everyone on the NTO team is an industry expert, and is encouraged to innovate to solve the needs of this complex problem. Having a corporate culture that respects each team member enough to be given broad levels of autonomy, has allowed NTO's technology to solve problems that were thought impossible. Every team member is regularly exposed to real customers, either as silent participant in sales and/or support calls, working directly with customers on bugs or features, or reviewing details of why potential opportunities were lost. This first hand exposure enables us to have a more informed and purpose driven team that is inspired and motivated to strive to solve these issues and improve our products. The NTO Vision NTO believes that Web Application Security represents the greatest security challenge facing the information technology industry today. Millions of custom Web Applications have been developed in the past two decades. No two are alike and the expectations for enhanced customer and partner interactions often introduce numerous vulnerabilities. Manual penetration tests, the traditional means to identify Web Application vulnerabilities, are too expensive to be a solution for most applications. Even if every enterprise had the funds to review all of its applications as infrequently as once a year, there are not enough trained pen testers to do a tenth of the work. The logical solution is an automated tool. Unfortunately, first generation vulnerability assessment tools were not truly automated. The complexities of modern Web sites, including JavaScript, forms processing, complex authentication and session management, resulted in these early scanners requiring significant user interaction to completely crawl an application. Many users, untrained in their use, did not crawl even a portion of their sites and overlooked significant security holes. Moreover, these scanners merely pointed out long lists of vulnerabilities and did not assist security teams in assigning and remediating these vulnerabilities.