Multi-Vector Penetration Testing Solution with Core Impact Pro
Core Impact Pro is the most comprehensive, commercial-grade penetration testing product available, enabling you to conduct real-world assessments across a broad spectrum of risk areas, including:
End-User Security Awareness Testing
End-User Security Awareness Testing with Core Impact Pro determines the susceptibility of email users to social engineering attacks, assesses the overall security of their systems, and depicts how individual client-side exposures can be linked to large-scale breaches of backend servers.
Endpoint Penetration Testing
Mobile Device Penetration Testing
Mobile device penetration testing with Impact Pro pinpoints and addresses gaps in end-user awareness and security exposures in their devices before attackers do. With Core Impact Pro’s Mobile Device Penetration Testing capabilities, you can demonstrate the exploitability of iPhone®, Android™ and BlackBerry® smart phones using the same attack techniques employed by criminals today.
Network Device Penetration Testing
Impact Pro is the first commercial-grade penetration testing software that can specifically target network devices and prove how a single intrusion could escalate into a widespread data breach.
Network Penetration Testing
Network Penetration Testing with Core Impact Pro replicates the actions of an attacker taking advantage of OS, service and application weaknesses across network systems, revealing where exploitable vulnerabilities are, how they can be linked to traverse your network, how defenses react, and what remediation steps are necessary.
Password and Identity Cracking
CloudCypher, a new online service from Core, works with Windows NTLM Hashes discovered by Impact Pro during testing and attempts to determine plaintext passwords for those hashes. Any passwords that are determined will be passed back to the Impact Pro workspace that requested them. This is done through the use of modules, the original module that submitted the hashes will be used to retrieve the resulting passwords. These obtained passwords can then be used for additional security testing. CloudCypher was created and is managed by Core and held within Amazon Web Services.
Web Application Penetration Testing
Web Application Penetration Testing with Core Impact Pro allows you to pinpoint exploitable Cross-Site Scripting, SQL Injection and all other OWASP Top 10 vulnerabilities in your web applications, not only giving visibility into where application weaknesses exist, but also determining how they can open the door to subsequent network-based attacks.
Wireless Network Penetration Testing
Wireless Penetration Testing with Core Impact Pro allows IT security managers to identify at-risk wireless networks, crack encryption codes, and trace attack paths from initial points of wireless exposure to backend resources housing critical data -- gaining actionable data at each step for efficient remediation.
Testing the Efficacy of IPS/IDS, Firewalls and Other Defenses
Using Core Impact software solutions, you can proactively test the efficacy of their network, endpoint, web application, wireless, and email defenses both to ensure that these technologies are working properly, and to aid in the process of evaluating products to determine ROI and influence future buying decisions.
Validating Vulnerabilities Identified by Scanners
Core Impact integrates with the most widely-used network and web vulnerability scanners, allowing you to import scan results and run exploits to test identified vulnerabilities.
SCADA Security Testing
Core Security is partnering with ExCraft labs, a Core Secured Partner, that has created numerous exploits specifically for SCADA systems, that are utilized in Core Impact Pro.