Resources

5 Security Tips
Blog

5 Steps to Building a Vulnerability Management Program Pt. 1

Fri, 05/22/2020
Let's talk about actual tactics you can put in place to start building or improving your vulnerability management program. Step 1: Set Smart Goals“To better mitigate risk” is not a goal. Everyone wants to mitigate risk and that’s why your organization has a security team. In order to set a goal for your vulnerability management program, you have to first understand what assets you have that need...
Blog

Remember These PCI Pen Testing Requirements

Fri, 05/22/2020
Things just got real for companies that need to comply with PCI requirements. Not only is PCI v3.2 mandated, the PCI Standards Security Council has issued guidance on using penetration testing as part of a vulnerability management program. Why are they buckling down? Part of the reason was explained well in the recent Verizon PCI Compliance Report. Compared to 2015, the 12 key requirements...
Compliance
5 Security Tips
Blog

5 Steps to Building a Vulnerability Management Program Part 2

Fri, 05/22/2020
Welcome to part two of our series on building a vulnerability management program. Today we go through steps three and four of our build but if you missed last week, you can catch up here. Step 3: PatchingYou’ve got your list of vulnerabilities from your scanner and now your vulnerability management solution has prioritized them all so the next step in this process is to start fixing your problems...
Penetration Testing
Threat Detection
Blog

The Latest Exploits Shipped to Core Impact

Thu, 05/21/2020
Summary of all of the exploits and updates shipped to Core Impact 2017 R2 since Sept 26th (the last Dot release): 17 Updates overall 9 Remote Exploits 3 Client-Side Exploits 4 Local Exploits 1 Product update Published modules: Remote Exploits: Trend Micro Mobile Security for Enterprise upload_img_file Arbitrary File Upload Vulnerability Exploit Adobe ColdFusion Java JMX-RMI Remote...
Blog

Tips for Success with Access Assurance Suite

Thu, 05/21/2020
So you’re using Core Access Assurance Suite (AAS). Maybe you’ve been using it for a while and have a routine down – but there may be ways to make your experience with this program even better. Every now and then it’s important to reassess the tools you are using to see how you can get more out of them. Today’s post is to share a few tips to help create a better user experience with the product...
Blog

Lessons Learned at Gartner Identity and Access Management Summit 2017

Thu, 05/21/2020
More than 1,800 delegates from companies around the globe converged last week in Las Vegas for Gartner’s annual Identity and Access Management (IAM) Summit. Gartner IAM is unique in that it is solely focused on identity and access management rather than covering all areas of security. The event presented the Core Security team with a great opportunity to spend quality time with some of our...
What is?
Blog

Security Answers in Plain English: What is a Man-in-the-Middle Attack?

Thu, 05/21/2020
"I heard on the news about how some sites and mobile apps are vulnerable to Man-in-the-Middle attacks. What is a Man-In-The-Middle Attack, how does it work, and how can I protect myself?" Man-in-the-Middle (MitM) attacks are basically one website stepping in-between you and a legitimate website so that whatever you do on the legitimate website can be seen and stolen by the attacker who owns the...
Blog

New Release - Core Impact 18.1

Thu, 05/21/2020
It is our mission to continue to produce the most effective and efficient security products and services on the market. Today, I am happy to announce the release of Core Impact 18.1, our market leading penetration testing solution – where we put the focus on enabling user-testing and social engineering. With this release, we’ve put the focus back on the user, or “client-side” testing, as email is...
Blog

The Latest Exploits Shipped to Core Impact 18.1

Thu, 05/21/2020
Summary for all of the exploits and updates shipped to Core Impact 18.1 since its release (on Feb 14th): 14 Updates Overall 3 Remote Exploits 5 Client-Side Exploits 3 Local Exploits 3 Product Updates Here is the list of published updates: Remote Exploits: Symantec Messaging Gateway performRestore OS Command Injection Exploit IBM Informix Open Admin Tool SOAP welcomeServer PHP Remote...
Common IAM Fears and How to Overcome Them
Video

Common IAM Fears and How to Overcome Them

Thu, 05/21/2020
Enterprises are facing a growing complexity crisis over identity management. It is often difficult to effectively manage, especially as the number of access relationships exponentially increase and our environments become subjects to purposeful attacks. Against this backdrop of negativity, this webinar examines the problems and solutions around IAM, and how you can better strategize and manage...
IGA
IT Security
Blog

Assess the Effectiveness of Your Security Controls with Penetration Testing

Thu, 05/21/2020
It’s important for all organizations to periodically assess and test security vulnerabilities, to better evaluate risk and be ready to detect, prevent and respond to threats as they happen. Vulnerability assessments, penetration tests and Red Teams help you identify and prioritize security risks, which also improves your overall security posture. Gartner recently released a detailed research...
Penetration Testing
Red Team