Skip to main content
Core Security Logo Core Security Logo
  • Contact Us
  • Support
  • All Fortra Products
  • FREE TRIALS
  • Contact Us
  • Support
  • All Fortra Products
  • FREE TRIALS
  • Cyber Threat

      Products

      • Core Impact Penetration testing software
      • Cobalt Strike Red team software
      • Outflank Security Tooling (OST) Evasive attack simulation
      • Event Manager Security information and event management
      • Powertech Antivirus Server-level virus protection
      • Product Bundles

      Solutions

      • Penetration Testing
      • Penetration Testing Services
      • Offensive Security
      • Threat Detection
      • Security Information and Event Management
    • Penetration Testing Services Security consulting services
  • Identity

      Products

      • Access Assurance Suite User provisioning and governance
      • Core Password & Secure Reset Self-service password management
      • Core Privileged Access Manager (BoKS) Privileged access management (PAM)

      Solutions

      • Privileged Access Management
      • Identity Governance & Administration
      • Password Management
    • See How to Simplify Access in Your Organization | Request a Demo
  • Industries
    • Healthcare
    • Financial Services
    • Federal Government
    • Retail
    • Utilities & Energy
    • Higher Education
    • Compliance
  • Resources
    • Upcoming Webinars & Events
    • Blogs
    • Case Studies
    • Videos
    • Datasheets
    • Guides
    • Ecourses
    • Compliance
    • All Resources
  • CoreLabs
    • Advisories
    • Exploits
    • Publications
    • Articles
    • Open Source Tools
  • About
    • Partners
    • Careers
    • Press Releases
    • Contact Us
  1. Home
  2. Blog
  3. Core Impact Updates: Python Agents and OWASP Top 10

Core Impact Updates: Python Agents and OWASP Top 10

Though we have a new release planned for later this year, we’ve made some updates to Core Impact that we just couldn’t wait to release and share! First, we have a new agent written in Python to expand its use to different environments and further enhance its flexibility. Additionally, we’re staying on top of the latest threats by updating to the latest OWASP Top 10 list, making web application tests even more effective.

Python Agent

Core Impact agents are binary implants which can be placed into the memory or file system of a targeted or compromised remote host. A new agent written in Python supports the exploitation and post-exploitation capabilities within any system supporting a Python 2/3 installation, including ARM architectures like Raspberry Pi, macOS, or even IBM i. Such an agent could be used as a jumping off point to perform an internal test from an external network, like a cloud environment.

This new agent highlights the importance of pen testing different parts of your IT environment, and not just primary systems and parts of the infrastructure, like workstations and servers. Attackers often rely on this focus and use less common environments to sneak in unnoticed, enabling them to pivot to other systems and linger for longer.

OWASP Top 10

The Open Web Application Security Project (OWASP) is well known for its Top 10 list, which has come to be regarded as a standard in the industry for application security. At the end of 2021, OWASP came out with some exciting new changes to this list. In addition to adding new categories, others were renamed and redefined. The new list is now:

  1. Broken Access Control
  2. Cryptographic Failures
  3. Injection
  4. Insecure Design
  5. Security Misconfiguration
  6. Vulnerable and Outdated Components
  7. Identification and Authentication
  8. Software and Data Integrity Failures
  9. Security Logging and Monitoring Failures
  10. Server-Side Request Forgery

 Given the extensive updates to this list, we’ve made corresponding changes to Core Impact. You’ll now be able to test web applications against the new OWASP Top 10.

 

These latest features allow Core Impact users to conduct more impactful pen testing engagements with increased flexibility and effectiveness.

Related Products
Core Impact
Related Solutions
Penetration Testing
Related Content
What is OWASP
Blog
What is OWASP?
ransomware simulator
Blog
Core Impact Introduces Ransomware Simulation
Incorporating New Tools into Core Impact
Blog
Incorporating New Tools into Core Impact

Want to See Core Impact in Action?

CTA Text

Watch an on-demand demo to see how Core Impact allows you to conduct advanced penetration tests with ease.

WATCH THE DEMO
  • Email Core Security Email Us
  • Twitter Find us on Twitter
  • LinkedIn Find us on LinkedIn
  • Facebook Find us on Facebook

Products

  • Access Assurance Suite
  • Core Impact
  • Cobalt Strike
  • Event Manager
  • Browse All Products

Solutions

  • Identity Governance

  • PAM
  • IGA
  • IAM
  • Password Management
  • Vulnerability Management
  • Compliance
  • Cyber Threat

  • Penetration Testing
  • Red Team
  • Phishing
  • Threat Detection
  • SIEM

Resources

  • Upcoming Webinars & Events
  • Corelabs Research
  • Blog
  • Training

About

  • Our Company
  • Partners
  • Careers
  • Accessibility

Support

Privacy Policy

Contact

Impressum

Copyright © Fortra, LLC and its group of companies. All trademarks and registered trademarks are the property of their respective owners.