When conducting a penetration test, most testers will develop some type of process, and repeat that same process on every engagement. As I think through the basics of penetration testing, I believe that process can be broken up into six steps.

Now, I’m not saying every tester follows every step or performs these steps in this exact order, however, this is a pretty good process to follow. Let’s take a closer look at each step.

It’s important for all organizations to periodically assess and test security vulnerabilities, to better evaluate risk and be ready to detect, prevent and respond to threats as they happen. Vulnerability assessments, penetration tests and Red Teams help you identify and prioritize security risks, which also improves your overall security posture.

Gartner recently released a detailed research report covering the use of penetration testing and Red Teams. The report describes the processes and suggests ways that organizations can use them to reduce risk.

Summary for all of the exploits and updates shipped to Core Impact 18.1 since its release (on Feb 14^th):

• 14 Updates Overall
• 3 Remote Exploits
• 5 Client-Side Exploits
• 3 Local Exploits
• 3 Product Updates

Here is the list of published updates:

Streamline Penetration Testing Documentation with Flexible, Automated Reports

Core Impact's robust reporting capabilities have evolved significantly in the last few years, empowering penetration testers and security professionals to generate customized reports that align with specific organizational needs and compliance requirements. With the latest version and ongoing enhancements, Core Impact delivers unparalleled flexibility in documenting security assessments.

It is our mission to continue to produce the most effective and efficient security products and services on the market. Today, I am happy to announce the release of Core Impact 18.1, our market leading penetration testing solution – where we put the focus on enabling user-testing and social engineering.

Summary of all of the exploits and updates shipped to Core Impact 2017 R2 since Sept 26^th (the last Dot release):

Welcome to part two of our series on building a vulnerability management program. Today we go through steps three and four of our build but if you missed last week, you can catch up here. 

At the age of six, my parents were looking for ways to get me out of the house and burn some of that energy every six-year-old child has. On top of being pretty small, I grew up in a small town. So my options for youth sports were pretty limited. However, through a series of conversations, my parents decided to get me involved in the youth wrestling program. What I didn’t understand at the time, was this was the beginning of many life lessons. In today’s blog, I want to talk about a few of those lessons and how they correlate to running web application pen tests.