N-Stalker The Web Security Specialists

Other Links

• N-Stalker
• Management
• Timeline
• Investors
• Customers
• Press Release
• Career
• Contact
• Terms of Use
• Legal Notes

Timeline

» 2009

JANUARY

N-Stalker launches N-Stalker Web Application Security Scanner 2009.

N-Stalker Web Application Security Scanner 2009 is a sophisticated Web Security Assessment solution developed by N-Stalker. By incorporating the well-known "N-Stealth HTTP Security Scanner" and its 39,000 Web Attack Signature database along with a patent-pending Component-oriented Web Application Security Assessment technology, N-Stalker is a "must have" security tool to developers, system/security administrators, IT auditors and staff.

If you are concerned about SQL injection and Cross-site scripting attacks, N-Stalker will sweep your Web Application for a large number of vulnerabilities, including well-known standards such as "OWASP Top 10" and "PCI Data Security", and also custom security inspections to ensure your application's Secure Development Life Cycle (SDLC).

Customer's Free Upgrade: All N-Stalker active customers will be provided with instructions for immediate upgrade of their licenses, totally free of charge. N-Stalker's 2006 Version will be officially supported until March 31st, 2009.

» 2008

OCTOBER

Web Application Security Management Services adopt N-Stalker technology.

The "Component-oriented Web Application Security Assessment" technology (patent applied for by N-Stalker) is adopted to perform security management services in web applications, aiming at constantly monitoring the security level of a Web application in order to identify technical changes that might generate some sort of vulnerability or non-compliance, in accordance with cooperation agreement established between N-Stalker and Neotel Tecnologia Maximizada. With constant security monitoring from a "baseline" established jointly with customer, applications will now have definite information security metrics - subject to be certified and referenced in regulatory norms (examples: PCI, SOX, ISO 27001, etc).

SEPTEMBER

N-Stalker Web Application Security Scanner - 2009 Beta Version Program

The N-Stalker team is proud to announce the availability (for N-Stalker active customers, only) of the beta version of our next generation scanner:

"N-Stalker Web Application Security Scanner - 2009 Version"

According to our commercial licensing policy, all N-Stalker active customers are entitled to enroll our Beta Program and receive an advanced copy of this release. Among its outstanding features, here are the most relevant enhancements:

New Scan Engine:
Our new scan engine ("Scorpius 2009") provides a more effective scan experience in terms of both performance and accuracy.

New JavaScript Integration:
N-Stalker Scan Engine is fully integrated with Mozilla's SpiderMonkey Engine, providing interpretation/execution of JavaScript code, just like a web browser would do.

Ajax ready:
Applications running remote scripting capabilities will be fully supported by JavaScript execution, differently from other common tools currently applying framework pattern matching.

New Scan interface:
Our scan interface is now integrated again (policy editor, scan engine, tools), providing end-users with a more effective scanning experience. Users will be able to follow progress on each security assessment module and even follow crawling engine progress.

New Vulnerability Inspection Interface:
Your scan experience will be rewarded with a more detailed Vulnerability Inspection interface, allowing you to obtain details on how N-Stalker found the issue and even simulate the attack against the real target.

New Security checks and OWASP 2007 compliance:
Additional security checks have been introduced to comply with modern Web security standards such as OWASP 2007.

Web Macro Capabilities:
N-Stalker now introduces an easier way to add authentication mechanisms to the scan session -- "Web Macros" -- that can be recorded using the Web Browser of your preference by just pointing it to our embedded proxy engine.

New Policy/Wizard Interface:
We have rewritten the entire policy/wizard interface to provide you with an easier but effective configuration experience.

New Session Management:
We have introduced a management session capability, allowing users to re-open a finished scan session or even re-initiate a new scan based on the previously saved session.

» 2007

JANUARY

N-Stalker to lecture Web 2.0 Security practices on ISSA Day 2007

Security Challenge for Web 2.0 Applications on the ISSA DAY. Thiago Zaninotti, N-Stalker's CTO, was one of the lecturers of the first 2007's ISSA DAY, held at the auditorium of Microsoft Brazil's Head Office, in São Paulo, Brazil, on last January 30th, 2007, approaching the theme "Security Challenge for Web 2.0 Applications, as per invitation received from ISSA's Brazilian Chapter. Thiago spoke about safe development of Web Applications using the new RIA concepts (Rich Internet Application) and Web 2.0 (AJAX/Remote Scripting).

MAY

N-Stalker releases its Web Security Log Analyser.

N-Stalker is proud to make available to all customers its standard version of N-Stalker Web Log Security Analyser, a complete web log security analysis tool to inspect web server logs and detect attack attempts, trends and offenders.

N-Stalker Web Log Security Analyser includes capabilities to inspect web server logs against XSS & SQL injection, Parameter Tampering, Buffer overflow and N-Stealth Web Attack Database (more than 35,000 signatures).

JUNE

GTDOWNLOAD grants N-Stalker its "5 Stars Award".

GTDOWNLOAD has granted N-Stalker's products the "5 Stars Award". This means that "N-Stalker Web Application Security Scanner 2006" is highly appreciated and already on the top of the searches for such type of software solution.

» 2006

MARCH

N-Stalker Software Highlighted in Japan: The Japanese magazine ASCII-BUSINESS.COM published, in its March/2006 edition, an article highlighting N-Stealth Software Scanner as an effective tool for WEB security scanning routines

MAY

N-Stalker unleashes security flaw on Apache's environment: Security Researchers at N-Stalker's Web Security Intelligence Labs have unleashed a security flaw that affects all versions of Apache and may cause client-side application to be vulnerable against malicious attackers.

SEPTEMBER

N-Stalker releases N-Stalker Web Application Security Scanner 2006

N-Stalker is proud to announce the release of the next generation of N-Stalker's Web Application Security assessment software: N-Stalker Web Application Security Scanner 2006, designed to cover all phases of the Web Security Development Life Cycle with its own and exclusive technology (patent pending), known as a Component-oriented Web Application Security Scanning.

The concept of different scanning profiles - Development & QA, Infrastructure & Deploy and Audit & Pen-test analysis - will give customers the ability to verify relevant security issues based on their web application life-cycle, ranging from OWASP Top 10 security recommendations to Bugtraq 0-day vulnerabilities being exploited by malicious users in the wild.

N-Stalker Web Application Security Scanner 2006 is shipped in three commercial editions:

1) N-Stalker Enterprise Edition (For Auditors, Security Professionals and the entire organization, the most complete solution in one package containing Development (QA Edition), Infrastructure (Infrastructure Edition) and Audit checks).
2) N-Stalker QA Edition (For developers and Software Quality Assurance Professionals).
3) N-Stalker Infrastructure Edition (For Web Server Administrators and IT Professionals).

N-Stealth now becomes new N-Stalker Infrastructure Edition!

The N-Stealth HTTP Security Scanner evolved to N-Stalker Infrastructure Edition Perpetual License, whose migration was granted to N-Stalker's customers without any additional cost.

N-Stalker Web Application Security Scanner 2006 Free Edition

N-Stalker Web Application Security Scanner 2006 Free Edition is meant to replace previous available N-Stalker technology, i.e., the N-Stealth HTTP Security Scanner. It provides a free set of Web Security Assessment checks to enhance the overall security of your web server infrastructure, using the most complete web attack signature database available in the market - "N-Stealth Web Attack Signature Database(TM)".

NOVEMBER

N-Stalker is participating in the 8th Symposium on Security in Informatics - 2006, promoted by the Instituto Técnico de Aeronáutica - ITA (Technical Institute of Aeronautics), in São Jose dos Campos, State of São Paulo, Brazil, on November 8-10, 2006 - an event which counts with the participation of specialists and authorities for discussions concerning innovations and the current most modern, state-of-the-art technologies applied to security in informatics.

Thiago Zaninotti, N-Stalker's CTO, will be one of the speakers on November 9th/06, at 04:30 PM, approaching the theme "Web Application Security: Trends and Challenges of the New Web 2.0 Technology".

DECEMBER

Talking about the theme "Insecurity in Web 2.0 and Pen-Test in Web Applications", N-Stalker's CTO, Thiago Zaninotti, was one of the lecturers of the Hackers 2 Hackers Conference III, a meeting which took place at Universidade FMU (FMU University), in São Paulo, Brazil, from November 24th to 26th 2006, gathering world's main Web security specialists.

» 2005

MARCH

German IT magazine article highlights N-Stealth software: N-Stealth software tool was the theme of a software capability diagnosis series of tests carried out by Hisolutions AG security consultant Christopher Puppe, for the specialized German IT publication IX Magazin Für Professionelle Informationstechnik, from Hannover, Germany.

JUNE

N-Stalker wins new certification: (ISC)2 has granted Thiago Zaninotti, N-Stalker´s founder and CTO (previously certified as CISSP - Certified Information Systems Security Professional), the ISSAP certification (Information Systems Security Architecture Professional), whose certification provides information security professionals not only with an objective measure of competence but also with a globally recognized standard of achievement.

N-Stalker Promotes Technological Innovation: N-Stalker has been awarded with the Certificate of Participation of FINEP´s Award Prize for Technological Innovation, promoted by FINEP (Brazilian Study and Project Financing Entity) and by the Brazilian Innovation Agency (a public entity linked to the Ministry of Science and Technology).

JULY

N-Stalker cited during OWASP EUROPE 2005: N-Stalker Products were focused during the OWASP Europe 2005 [Conference}, held on April 9-10, 2005, at Royal Holloway, University of London, Egham, Surrey, U.K.

OCTOBER

"10 Network Security Assessment Tools You Can't Live Without": Windows IT Pro (one of IT world's most serious, reliable publications) mentioned N-Stalker Security Scanner Software Tools in its October/05 Edition (article written by Jerry Cochran - Contributing Editor), ranking them among the 10 best Network Security Assessment.

» 2004

JUNE

N-Stalker is present at the 10th Brazil Meeting of Risk Capital: FINEP has selected N-Stalker amongst almost one hundred entrepreneurs due to its technology and innovating strategies on the scenario of the technological basis companies in Brazil.

JULY

N-Stealth 5.8 is released, coming with a new and modern graphical interface - which gives more flexibility when surfing -- aggregating a new method of Fast Track for scanning and a new HTTP controller.

NOVEMBER

N-Stealth Free Edition v5.8 Released: This version will introduce a complete visual change in N-Stealth's general look'n'feel. It contains a database of more than 20,000 HTTP attack signatures -- including support for the SSL protocol (HTTPS).

N-Stalker was the main attraction in "Brazilian software spreads all over the world", a program broadcasted on November 21st, 2004 by TV Globo, one of the main Brazilian TV broadcasting networks, which focused the competence and excellence of Brazilian companies acting in the development of state-of-the-art, technological know-how, as well as presenting creative solutions of software tools to win the competitive global market in this field.

» 2003

JANUARY

N-Stealth 3.7 released detects the Top Ten OWASP Web Application Vulnerabilities

FEBRUARY

N-Stealth 3.7 released detects the Top Ten OWASP Web Application Vulnerabilities.

JULY

N-Stealth Scanner 5.0 Released: this version brings a different conception regarding its exploitation techniques. It was constructed to fulfill all of our customers' demands, including the support for the most well-known WEB Protocols (HTTP and HTTPS).

SEPTEMBER

New version 5.1 of N-Stealth is available: it has so far reached a database of over 30,000 security checks.

OCTOBER

N-Stealth 5.2 is made available: There are some innovative features including N-Stealth Automatic Software Update, N-Stealth False Positive Keyword Filter, Flexibility to the Vulnerabilities Browser and Advanced command line support.

NOVEMBER

N-Stealth 5.2 Free Edition is released: it is still fully functional and capable of identifying security weaknesses in any HTTP-enabled device. It contains a database of 16,000 security checks.

DECEMBER

N-Stealth 5.5 is made available: Introducing the features requested by our customers.

» 2002

FEBRUARY

N-Stealth HTTP Security Scanner is in Maximum Windows 2000 Security. Maximum Windows 2000 Security is a comprehensive, solution-oriented guide to Windows 2000 security.

APRIL

N-Stealth 3.0 HTTP Security Scanner is launched, improving the scanner technology currently in use and offering a database comprehending 19,000 attack signatures.

MAY

N-Stealth is compatible to the patterns of vulnerabilities nouns and other CVE security exposures (Common Vulnerabilities and Exposures) of Mitre Belgium Organization. It is the first software in Latin America recognized for this standard.

JUNE

N-Stalker Releases Apache Chunked Scanner - announce the availability of a free security tool that can scan networks for the new Apache chunked-encoding remote vulnerability. It runs on all Windows systems, as well as Linux with WINE.

JULY

N-Stealth HTTP Security Scanner is in Privacy Defended, the comprehensive book that melds detailed, how-to information on PC software, hardware and operating system security within the context of protecting one's privacy in a digital world.

AUGUST

N-Stealth Scanner 3.5 Released, including the web server vulnerabilities Apache Directory Traversal, Sun iPlanet overflow, PHP Gallery code injection bugs.

OCTOBER

N-Stealth 3.5 detects the web server vulnerabilities of SANS/FBI Top 20 v2.6 .

» 2001

MARCH

A free version of N-Stealth 1.0 HTTP Security Scanner Software is created and made available to identify vulnerabilities and exploits on the Internet.

SEPTEMBER

N-Stealth HTTP Security Scanner commercial version is launched worldwide, with a database containing more than 15,000 attack signatures.

OCTOBER

N-Stealth HTTP Security Scanner is object of studies at "Auditing Networks, Perimeters and Systems" - of the SANS Network Security 2001 conference in San Diego, California.

NOVEMBER

A brief commentary about the N-Stealth HTTP Security Scanner can be found at Hacking Exposed Windows 2000 book. The review can be found on pages 249 and 250.

» 2000

APRIL

N-STALKER is founded in Brazil on April 18 - a company gathering a staff of specialists in Internet Security software applications.