By Scott Denne
Customers, which range from companies like Citigroup Inc. and Microsoft Corp. to government arms such as the National Security Agency, give Core Security’s software information about what they want tested, such as a range of IP addresses, URLs and employee email addresses. The customers define the scope of the attack, such as operating on only a specific portion of the network or targeting a database of customer names. The software will then search for vulnerabilities, calculate an attack path through those and mimic the actions of an intruder.
Source: The Wall Street Journal