Case Study Info

Web application security scanner


Contextual Overview

With so much of the world around us now entirely dependent on the fidelity and integrity of our IT systems, and with so many people eager and willing to exploit the smallest loophole in those systems for personal gain, there is no area of endeavor more critical to the smooth running of the modern world than IT security. Without doubt, one of the leaders in that vital sector of the industry is NTObjectives, and the biggest gun in their arsenal is NTOSpider.

NTOSpider is a market-leading product in the fight against security vulnerability and exploitation.  Its coverage of potential threats is second to none and it allows IT security teams to automatically scan a host of modern application technologies including JSON, REST, SOAP, HTML5 and AJAX.  It includes innovations that now make possible the automation of testing functions that previously were only available by manual testing, and it presents the findings of its tests quickly and in a clear and logical format. This allows IT teams to quickly assimilate the results and address critical areas of vulnerability.

The Challenge

In March 2012 Softage is called in to produce a Graphical User Interface (GUI) for this cutting-edge IT security system, an area in which Softage has an acknowledged degree of expertise. The parameters are tight, the client’s intent for the usability of the interface is very clear, and the amount of time available is short. In addition, all the work is to be carried out without sight of the core of the security application, the integrity of which must be preserved. Our difficult task is to look at the system from the user’s perspective and produce a friendly, intuitive interface which presents search options logically, and results clearly and concisely.

Solution Overview

The user needs to be able to select from a number of available alternatives to optimize the search that they want to make. These include the ability to define the URLs to be checked and also to set up and vary the scan limitations. Importantly, there was a recognised need to offer the user the ability to exclude from the scan pages which satisfied certain criteria.

In September 2012, Softage delivers the project on time, on budget, and to the specifications laid down by NTObjectives. The client pronounces themselves to be delighted with what we have produced.

Tools & Technologies

WinForms, DevExpress and COM.