Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Wi-fi attack exposure can be discovered with Core Impact Pro at version 10

Core Security Technologies : 16 December, 2009  (New Product)
The Automated Penetration Testing system from Core Security Technologies now includes the ability to assess wireless network vulnerabilities
Core Security Technologies, the provider of Core Impact Pro, the most comprehensive product for proactive enterprise security testing, has announced Core Impact Pro v10, one of the most significant updates ever to its flagship automated penetration testing software solution. This latest version of Core Impact Pro provides IT security managers with an unmatched level of visibility into their enterprise IT risks, allowing them to replicate real-world cyber attacks that reveal critical exposures across a wide range of IT assets.

Among the significant additions included in Impact Pro v10 are:

* The addition of integrated wireless penetration testing
* Broader coverage of OWASP top web application risks
* Inclusion of community product usage data
* Support for use on and testing of Windows 7
* Improvements to the product's GUI, agent technology, and much more

'The new wireless attack features and OWASP coverage extends automated penetration testing to the areas of most concerning risk," said Karl Smith, Global Security Architect at BT Global Services. "IMPACT Pro v10 builds upon Core's innovation in leadership in the vulnerability management market.'

Integrating Wireless Penetration Testing Capabilities

With Impact Pro v10 penetration testing software, organizations can now assess their vulnerability to wireless intrusions leveraging new features that are fully integrated with the product's existing network, endpoint and web applications assessment capabilities. New, real-world security testing capabilities for WiFi networks include:

* Discovery of both known and unauthorized WiFi networks and access points
* Information gathering on network strength, security protocols and connected devices
* Attack and penetration of networks encrypted with WEP, WPA-PSK and WPA2-PSK
* Automated traffic sniffing for finding streams of sensitive data
* Capabilities for joining cracked networks and testing other systems accessible from those networks
* Comprehensive reports of wireless testing activities and findings
* Seamless pivoting between wireless, network, web application and client-side tests, replicating multi-staged attacks that trace chains of vulnerabilities to sensitive backend data

As evidenced in recent attacks carried out against major enterprise companies, including those that have passed mandated compliance audits, unmanaged or improperly secured wireless networks can serve as an initial point of entry for attackers seeking access to protected backend databases. By allowing customers to conduct automated testing across the widest array of threat vectors, Impact Pro v10 empowers organizations to gauge their exposure to advanced hacking and malware assaults in the most realistic, comprehensive manner of any product offered on the market today.

"Wireless use has exploded in business and attackers have found many vulnerable WLANs to exploit," said John Pescatore, analyst with Gartner. "Enterprises need to make sure their vulnerability assessment processes incorporate WLAN technologies into both continuous monitoring and periodic penetration testing."

Advancing Web Applications Testing to Address OWASP Identified Risks

Attacks on web applications continue to proliferate and become more sophisticated, presenting a significant challenge to organizations increasingly dependent on online systems to connect with their customers, employees and business partners.

In Impact Pro v10, Core Security advances automated web applications penetration testing to help organizations address six of the top ten web applications flaws as ranked by the widely respected Open Web Application Security Project (OWASP).

OWASP vulnerabilities newly addressed by IMPACT Pro include:

* A4 Insecure Direct Object References + A7 Failure to Restrict URL Access - new IMPACT Pro modules for identifying hidden, backup and old pages in web applications + new capabilities for discovering and analyzing robots.txt files to reveal admin pages and other sensitive URLs.
* A10 Insufficient Transport Layer Protection - new SSL strength module for flagging weak levels of encryption in HTTPS-secured sites.
* A6 Security Misconfiguration - by testing not only the web application but also the web server and network infrastructure, IMPACT can identify any security issue that compromises the integrity of the web application.

These new modules build on IMPACT Pro's preexisting assessment capabilities for OWASP Top 10 risks including:

* A1 Injection Flaws
* A2 Cross-Site Scripting (XSS)

Advancing Penetration Testing Results Metrics and Measurement

Impact Pro v10 also delivers previously unavailable capabilities for accessing and sharing penetration testing data, offering organizations the ability to compare results from multiple assessment sessions, along with empowering them to delve further into local usage information and benchmark their internal efforts against statistics compiled from across the broader Core Impact customer community.

By allowing organizations to examine more in-depth penetration testing results from within their own environments, as well as giving them the ability to understand trends in assessments being carried out by Impact Pro users around the globe, customers can not only gain increased insight into how their own operations are affected by specific classes of vulnerabilities, but also attain an understanding of how they stack up in comparison to other organizations.

"Faced with a rapidly expanding array of emerging threats and compliance requirements, including significant concerns introduced by the adoption of wireless networks, organizations need the ability to run tests across their IT infrastructure to understand where their most critical points of risk exist," said Mark Hatton, CEO of Core Security Technologies. "Core Impact Pro v10 is the only product on the market today that allows organizations to assess their exposure to real-world attacks, prepare for audits, and benchmark their overall state of security standing in such a comprehensive and integrated manner."

Adding Breadth and Depth to Comprehensive Security Assessments

Core Security is committed to providing our customers with the ability to assess their security posture across the broadest range of possible attack vectors, using testing techniques that mirror the approaches used by actual attackers. The release further extends Core Impact Pro with additional capabilities for:

* Gaining full GUI access of exploited systems through remote desktop control
* Identifying social security numbers, credit card numbers and other data in exposed file systems
* Embedding Impact Agents into PDF files and executables for phishing and spear phishing tests
* Identifying and impersonating user accounts via Core Security's open-source Pass-the-Hash and Who Is There tools
* Support for use on Microsoft Windows 7 systems

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo