AUGUST 14, 2006 | BOSTON
Core Security Technologies, provider of CORE IMPACT, the first-to-market penetration testing product for assessing specific information security risks, today announced CORE IMPACT 6, a new edition of the company's flagship software product designed to help companies easily and efficiently test their network security policies. This latest version of CORE IMPACT features a completely new framework to simplify client-side penetration testing. Client-side attacks are used to take control of end-user systems and thereby gain access to key corporate assets. This version also includes the next generation of CORE IMPACT's patent-pending agent technology, expanded support for new target platforms, and new data export capabilities for easily incorporating penetration testing results into other databases or products.
"Penetration testing is a critical part of every organization's security process," said Mike Rothman, president and principal analyst of Security Incite. "Given the significant 'innovation' coming out of the hacking community, it's critical that the tools used to perform penetration testing are current and state of the art, simulating new client-side attack vectors and covering prevalent platforms that are increasingly targeted."
New Framework for Efficient Client-Side Penetration Testing
Client-side applications, such as Web browsers, instant messaging, media players, spreadsheets and word processing software, have become increasingly vulnerable to exploit by malicious attackers who often use social engineering techniques. Because of this, enterprises are recognizing the need to verify that their security measures, including end-user education programs, are protecting them against these new threats. To support these efforts, IMPACT 6 has a completely new framework that has been optimized for testing client-side applications in a simple and efficient manner. Core Security has also updated all of CORE IMPACT's existing client-side exploits to take advantage of the new framework capabilities, which include:
* New database entities for managing client-side information-CORE IMPACT's database can now store information related to the client-side aspects of a penetration test, including contacts, email addresses and host information.
* Client-side information gathering-IMPACT 6 features new information gathering capabilities to enable users to quickly collect contact and email information utilizing a variety of techniques.
* Optimized GUI and New Generic View-In addition to IMPACT's existing Visibility View, a new Generic View is now available. This new View includes functionality to search the IMPACT database, and to organize host and contact information into user-created folders, providing quick access to relevant information.
* RPT Integration-Ability to leverage IMPACT's unique Rapid Penetration Testing (RPT) graphical user interface and methodology once initial client-side attacks are successful.
"CORE IMPACT 6 demonstrates once again Core Security's commitment to providing leading-edge capabilities for its customers, helping us to better audit the security of our networks," said Larry Pesce, security director, Care New England. "Every security threat report I read today talks about the upswing in client-side attacks, and now I'll be able to quickly and easily assess this for Care New England and evaluate the effectiveness of our internal education programs."
Source: Dark Reading