CORE Impact Pro 2013 R2 gets enhanced web services capabilities
Posted on 26 September 2013.
CORE Security released CORE Impact Pro 2013 R2, that allows organizations to proactively test IT infrastructure and identify exactly where and how an organization’s critical data can be breached.

CORE Impact Pro 2013 R2 introduces new surveillance camera capabilities that test networked cameras for vulnerabilities and authentication weaknesses, which Impact can leverage to provide access to the compromised camera’s video feed.

This version also extends the product’s web application testing capabilities to identify vulnerabilities in Web Services used in Web 2.0 and AJAX applications. In addition, the new version contains enhanced remediation and validation reporting. Impact 2013 R2 is supported by the company’s extensive library of more than 3,100 commercial-grade exploits and other attack techniques.

Millions of surveillance cameras are being added to networks at enterprises and organizations, globally. With the added ability to monitor activities comes the added risk of more potentially unprotected devices on the network. CORE Labs has done extensive research on surveillance camera vulnerabilities and has published several advisories on the subject. The added surveillance camera capabilities provide security professionals with the ability to fingerprint and assess the security posture of these devices, as they currently do with other networked devices.

CORE Impact Pro 2013 R2 also supports SOAP and REST (using JSON) Web Services testing. During the web application information gathering CORE Impact identifies Web Services definitions and calls, adding them to the list of items to test. Impact supports automatic discovery of web services, but in cases where that is not sufficient, Impact offers an “interactive web crawling” feature that allows a user to dig deeper into an application by manually interacting with the application.

As part of the web application attack and penetration phase, Impact will look for SQL Injection and OS Command Injection vulnerabilities against the discovered Web Services, resulting in an installed agent when a vulnerability is successfully exploited.

The new Impact version also includes enhanced validation and reporting capabilities to assist security professionals with distributing important security information. These enhanced reports compare the workspace's original results with those after remediation efforts have been performed.

This historical view eliminates the need to have detailed knowledge of a specific pen test that may have been completed in a prior timeframe, by another team member or third-party tester. By using the remediation validation functionality Impact stores all the required information allowing users to verify the current status of previously detected issues by just following a simple wizard.





Spotlight

The evolution of backup and disaster recovery

Posted on 25 July 2014.  |  Amanda Strassle, IT Senior Director of Data Center Service Delivery at Seagate Technology, talks about enterprise backup issues, illustrates how the cloud shaping an IT department's approach to backup and disaster recovery, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Jul 28th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //