Core Security Redefines Web Application Pen Testing with Automated Cross-Site Scripting, Blind SQL Injection
BOSTON - December 15, 2008 - Core Security Technologies today announced CORE IMPACT Pro V8, the latest installment of its flagship security testing software solution. This new version of CORE IMPACT Pro introduces Cross-Site Scripting (XSS) and Blind SQL Injection modules, extending the market’s first and only automated web application penetration testing package to a new level by addressing two of the most prevalent information security threats facing organizations today.
Building on CORE IMPACT Pro’s range of comprehensive network, endpoint and web application testing capabilities, this latest iteration of the software provides customers with a powerful, cost-effective manner of generating actionable data to help address security risks while ensuring maximum ROI from existing IT defenses.
“With attackers unleashing a constant barrage on corporate networks, endpoints and ubiquitous applications, organizations have found that proactive penetration testing conducted on a regular basis is highly effective at validating and rapidly improving their IT security posture," said Charles Kolodgy, research director for Security Products at IDC. “By uncovering exploitable vulnerabilities across a wide range of potential threat vectors, organizations can move quickly to plug existing security gaps before their IT infrastructure is compromised.”
Unlike vulnerability scanners, penetration testing with CORE IMPACT Pro enables security staff to safely replicate sophisticated, real-world attacks that reveal exploitable weaknesses in complex web applications, giving developers the information they need to mitigate critical vulnerabilities.
With the release of CORE IMPACT Pro V8, customers are able to extend the scope and efficiency of their information security testing initiatives in dramatic fashion via the addition of two new modules that will allow them to pinpoint critical web application exposures. The latest version of the product also offers expanded features for scheduling, managing and reporting on security tests.
"One of the most significant challenges facing organizations today is finding an effective method for assessing precisely how they are exposed to real world threats, especially within the context of securing web applications," said Andre Gold, former CISO at Continental Airlines and ING. "CORE IMPACT is an invaluable asset to that end, and having the ability to test across assets ranging from web applications to network infrastructure in one solution is truly advantageous."
In addition to the new Cross-Site Scripting and Blind SQL Injection modules, CORE IMPACT Pro V8 offers new features that make it easier for organizations to integrate real-world security testing into their enterprise vulnerability management programs, including:
- Comparing Test Results Over Time
A new Delta Report tracks and compares test results over time, providing an ideal way for customers to present the progress of vulnerability management initiatives to compliance auditors and executive management. In addition, the default formatting and layout of all CORE IMPACT Pro reports are now optimized to clearly present and manage the results of large penetration tests, allowing for simplified and straightforward benchmarking of results.
- Scheduling Regular Testing
Customers can now schedule network and endpoint penetration testing, as well as vulnerability validation, to occur automatically on a regular basis, assuring security effectiveness as IT infrastructure evolves and as new threats emerge, and lending consistency to testing programs by enabling a more structured approach to assessment.
- Managing Large-Scale Testing
The new release offers a number of interface enhancements that make it easy to sort, filter and select target systems, and a new SQL database allows for rapid reporting on large-scale tests.
“In this past year we’ve seen new industry regulations and an increasingly sophisticated threat environment drive automated penetration testing even further into the mainstream,” said Mark Hatton, CEO of CoreSecurity Technologies. “With the release of CORE IMPACT Pro V8, Core Security is demonstrating its continued commitment to providing the most comprehensive enterprise security testing solution on the market today. It enables our customers to more effectively validate their overall security posture and further prioritize IT spending to ensure that the defensive solutions they invest in are actually making them more secure.”
CORE IMPACT Pro V8 is currently available and shipping.
About Core Security Technologies
Core Security Technologies is the leader in comprehensive security testing software solutions that IT executives rely on to expose vulnerabilities, measure operational risk and assure security effectiveness. The company’s CORE IMPACT product family offers a comprehensive approach to assessing the security of network systems, endpoint systems, email users and web applications against complex threats. All CORE IMPACT security testing solutions are backed by trusted vulnerability research and leading-edge threat expertise from the company’s Security Consulting Services, CoreLabs and Engineering groups. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at: http://www.coresecurity.com.