Keeping up with penetration testing

One of the ultimate tests for any data security regime is to see if it is possible to get past the defences and get hold of some data, and as the hackers and cyber-criminals are always coming up with new tricks, this penetration testing approach is always in need of updating, and repeated testing.

This is particularly important as mobile devices such as smartphones and tablets are becoming increasingly mainstream tools for business users as well as consumers.

To that end, Core Security a provider of penetration testing and predictive security intelligence tools, has announced the latest version of its CORE ImpactPro 2014 R1vulnerability assessment and penetration testing software. This is designed to allow organisations to proactively test IT infrastructure and identify where and how their critical data can be breached.

“As a long-time user, I always look forward to the latest version of CORE Impact Pro and the new functionality it delivers”

This latest version advances Impact’s state-of-the-art functionality, strengthens existing mobile and web services testing capabilities, and adds compliance for a series of new industry standards. For example, it adds the ability to test the web services used by mobile client applications, provides support for the latest OWASP Top 10, compatibility with the recently updated MITRE CVE Identifiers, and HTTP/HTTPS communication channels to exploited 32-bit Linux machines.

In addition to these new features, It is supported by the company’s extensive library of nearly 3,000 commercial-grade exploits and other attack techniques.

With the latest version of Impact, users are now able to test web services used by mobile applications. When performing web services testing, the tool sits in between a mobile app and its backend application server. It then harvests the server requests and use these as a baseline to test the target backend web services and identify vulnerabilities in them.

This simulates what a malicious attacker may do in order to exploit and extract information from the servers. With CORE Impact Pro, developers can be sure that the web services used by mobile applications are not vulnerable to a malicious attack.

The latest version also supports the most-recent OWASP Top 10 list; this publicises the most-critical web application security flaws as determined by Open Web Application Security Project (OWASP). Impact Pro's vulnerability test allows users to target web applications in order to evaluate their vulnerability to known exploits on the OWASP Top 10 list. The OWASP Top 10 represents a broad consensus about the most-critical web application security flaws.

It also expands its existing multi-platform support by providing HTTP/HTTPS communications channels for 32-bit Linux platforms. This allows deployed agents to communicate securely via encrypted channels, thereby helping to avoid detection by IPS systems.

“We continue to build on Impact’s deep heritage and this year’s version is the latest example of our commitment to meeting the needs of the penetration testing and vulnerability assessment market,” said Milan Shah, senior vice president of Products and Engineering at CORE Security. “Mobile applications are growing at incredible rates. Giving developers of these applications the ability to test new applications prior to release helps to avoid security vulnerabilities. We’ve also built on the HTTP/HTTPS communications channels capabilities of prior versions to offer these on a 32-bit Linux platform. This latest version of Impact addresses many of the requests we get from our installed base of dedicated users.”