Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Automatic web application penetration testing

Core Security Technologies : 16 December, 2008  (New Product)
With the release of Core Impact Pro V8 security testing software, Core Security Technologies brings automatic testing capability for web applications to prevent SQL Injection attacks
Core Security Technologies has announced Core Impact Pro V8, the latest installment of its flagship security testing software solution. This new version of Core Impact Pro introduces Cross-Site Scripting (XSS) and Blind SQL Injection modules, extending the market's first and only automated web application penetration testing package to a new level by addressing two of the most prevalent information security threats facing organizations today.

Building on Core Impact Pro's range of comprehensive network, endpoint and web application testing capabilities, this latest iteration of the software provides customers with a powerful, cost-effective manner of generating actionable data to help address security risks while ensuring maximum ROI from existing IT defences.

"With attackers unleashing a constant barrage on corporate networks, endpoints and ubiquitous applications, organizations have found that proactive penetration testing conducted on a regular basis is highly effective at validating and rapidly improving their IT security posture,' said Charles Kolodgy, research director for Security Products at IDC. "By uncovering exploitable vulnerabilities across a wide range of potential threat vectors, organizations can move quickly to plug existing security gaps before their IT infrastructure is compromised."

Unlike vulnerability scanners, penetration testing with Core Impact Pro enables security staff to safely replicate sophisticated, real-world attacks that reveal exploitable weaknesses in complex web applications, giving developers the information they need to mitigate critical vulnerabilities.

With the release of Core Impact Pro V8, customers are able to extend the scope and efficiency of their information security testing initiatives in dramatic fashion via the addition of two new modules that will allow them to pinpoint critical web application exposures. The latest version of the product also offers expanded features for scheduling, managing and reporting on security tests.

'One of the most significant challenges facing organizations today is finding an effective method for assessing precisely how they are exposed to real world threats, especially within the context of securing web applications,' said Andre Gold, former CISO at Continental Airlines and ING. 'Core Impact is an invaluable asset to that end, and having the ability to test across assets ranging from web applications to network infrastructure in one solution is truly advantageous.'

In addition to the new Cross-Site Scripting and Blind SQL Injection modules, Core Impact Pro V8 offers new features that make it easier for organizations to integrate real-world security testing into their enterprise vulnerability management programs, including:

A new Delta Report tracks and compares test results over time, providing an ideal way for customers to present the progress of vulnerability management initiatives to compliance auditors and executive management. In addition, the default formatting and layout of all Core Impact Pro reports are now optimized to clearly present and manage the results of large penetration tests, allowing for simplified and straightforward benchmarking of results.

Customers can now schedule network and endpoint penetration testing, as well as vulnerability validation, to occur automatically on a regular basis, assuring security effectiveness as IT infrastructure evolves and as new threats emerge, and lending consistency to testing programs by enabling a more structured approach to assessment.

The new release offers a number of interface enhancements that make it easy to sort, filter and select target systems, and a new SQL database allows for rapid reporting on large-scale tests.

"In this past year we've seen new industry regulations and an increasingly sophisticated threat environment drive automated penetration testing even further into the mainstream," said Mark Hatton, CEO of Core Security Technologies. "With the release of Core Impact Pro V8, Core Security is demonstrating its continued commitment to providing the most comprehensive enterprise security testing solution on the market today. It enables our customers to more effectively validate their overall security posture and further prioritise IT spending to ensure that the defensive solutions they invest in are actually making them more secure."

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo