Core Impact Updates: Python Agents and OWASP Top 10

Though we have a new release planned for later this year, we’ve made some updates to Core Impact that we just couldn’t wait to release and share! First, we have a new agent written in Python to expand its use to different environments and further enhance its flexibility. Additionally, we’re staying on top of the latest threats by updating to the latest OWASP Top 10 list, making web application tests even more effective.

Python Agent

Core Impact agents are binary implants which can be placed into the memory or file system of a targeted or compromised remote host. A new agent written in Python supports the exploitation and post-exploitation capabilities within any system supporting a Python 2/3 installation, including ARM architectures like Raspberry Pi, macOS, or even IBM i. Such an agent could be used as a jumping off point to perform an internal test from an external network, like a cloud environment.

This new agent highlights the importance of pen testing different parts of your IT environment, and not just primary systems and parts of the infrastructure, like workstations and servers. Attackers often rely on this focus and use less common environments to sneak in unnoticed, enabling them to pivot to other systems and linger for longer.

OWASP Top 10

The Open Web Application Security Project (OWASP) is well known for its Top 10 list, which has come to be regarded as a standard in the industry for application security. At the end of 2021, OWASP came out with some exciting new changes to this list. In addition to adding new categories, others were renamed and redefined. The new list is now:

1. Broken Access Control
2. Cryptographic Failures
3. Injection
4. Insecure Design
5. Security Misconfiguration
6. Vulnerable and Outdated Components
7. Identification and Authentication
8. Software and Data Integrity Failures
9. Security Logging and Monitoring Failures
10. Server-Side Request Forgery

 Given the extensive updates to this list, we’ve made corresponding changes to Core Impact. You’ll now be able to test web applications against the new OWASP Top 10.

These latest features allow Core Impact users to conduct more impactful pen testing engagements with increased flexibility and effectiveness.