CORE Impact Pro 2013 R2 introduces new surveillance camera capabilities that test networked cameras for vulnerabilities and authentication weaknesses, which Impact can leverage to provide access to the compromised camera’s video feed.
This version also extends the product’s web application testing capabilities to identify vulnerabilities in Web Services used in Web 2.0 and AJAX applications. In addition, the new version contains enhanced remediation and validation reporting. Impact 2013 R2 is supported by the company’s extensive library of more than 3,100 commercial-grade exploits and other attack techniques.
Millions of surveillance cameras are being added to networks at enterprises and organizations globally. With the added ability to monitor activities comes the added risk of more potentially unprotected devices on the network. CORE Labs has done extensive research on surveillance camera vulnerabilities and has published several advisories on the subject. The added surveillance camera capabilities provide security professionals with the ability to fingerprint and assess the security posture of these devices, as they currently do with other networked devices.
CORE Impact Pro 2013 R2 also supports SOAP and REST (using JSON) Web Services testing. During web application information gathering, CORE Impact identifies Web Services definitions and calls and adds them to the list of items to test. Impact supports automatic discovery of web services, but in cases where that is not sufficient, Impact offers an “interactive web crawling” feature that allows a user to dig deeper into an application by manually interacting with it.
As part of the web application attack and penetration phase, Impact will test the discovered Web Services for SQL Injection and OS Command Injection vulnerabilities, resulting in an installed agent when a vulnerability is successfully exploited.
The new Impact version also includes enhanced validation and reporting capabilities to assist security professionals with distributing important security information. These enhanced reports compare the workspace's original results with those after remediation efforts have been performed.
This historical view eliminates the need to have detailed knowledge of a specific pen test that may have been completed in a prior timeframe, by another team member or third-party tester. With the remediation validation functionality, Impact stores all the required information, allowing users to verify the current status of previously detected issues by just following a simple wizard.