Menu
Core expands into network vulnerability testing

Core expands into network vulnerability testing

The latest version of Core Impact can now scan network devices for security vulnerabilities

With the latest release of its flagship Core Impact Pro, Core Security Technologies has expanded its application penetration testing software to scan and test network devices as well.

Core Impact Pro version 11, released this week, also includes improved tools for scanning Web applications as well.

While network administrators have had no shortage of available network vulnerability scanners, Core is hoping that its capabilities in application penetration testing will provide additional insight into possible vulnerabilities on a network or in systems.

Earlier versions of Impact were able to detect network devices but offered no capabilities for exploiting vulnerabilities, said Fred Pinkett, Core Security vice president of product management. This version offers the tools and exploits to break into a device. The software will allow the administrator, using publicly available exploit code, to verify that a malicious attacker could access the device, rename it, crack its list of passwords and monitor its activities.

The software's Network Information Gathering set of capabilities can scan a range of IP addresses and return a list of devices on the network, such as routers and switches. It can provide as many details as possible about each device, such as manufacturer, device, OS, and possible points of vulnerability.

Devices may contain access control lists and other information that can be useful to attackers trying to understand the topology of an enterprise's network. Devices are also a good point to intercept and reroute traffic.

"Network security devices can be areas of vulnerability exposure if not properly configured, managed and patched," said Diana Kelley principal analyst at analysis firm SecurityCurve, in a statement. "That's why a robust penetration testing plan includes these assets. Organizations need to understand if network device vulnerabilities exist and if these vulnerabilities can lead to data theft or other forms of compromise."

Testing for Web application vulnerabilities has been another focus area in this upgrade. Version 11 of the software also has been configured to work with a number of Web application vulnerability scanners, such as BM Rational AppScan and HP WebInspect. Once such scanners pinpoint probable vulnerable Web applications, an administrator could use Core Impact to test the applications against common exploits to see how they can be breached.

The software includes a number of new exploits that could be used against Web applications, including those for Persistent XSS (cross-site scripting) vulnerabilities and possible XSS vulnerabilities in Adobe Flash Objects.

Organizations and developers carry out penetration testing (also called PEN testing) as a way to check to see if their systems and programs can be accessed and manipulated by their vulnerabilities, Earlier this year, Core integrated the nearly exhaustive Metasploit framework of exploits into Core Impact.

"We continually look at new ways an attacker can get into an organization and start to put functionality in our product to test for those new attack vectors," said Mark Hatton, president and CEO of Core Security.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags securitypatch managementsoftwareintrusionapplication developmentpatchesCompliance monitoringDevelopment toolsAccess control and authenticationExploits / vulnerabilitiesCore Security

Featured

Slideshows

Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
Show Comments