Core expands into network vulnerability testing

Core expands into network vulnerability testing

The latest version of Core Impact can now scan network devices for security vulnerabilities

With the latest release of its flagship Core Impact Pro, Core Security Technologies has expanded its application penetration testing software to scan and test network devices as well.

Core Impact Pro version 11, released this week, also includes improved tools for scanning Web applications as well.

While network administrators have had no shortage of available network vulnerability scanners, Core is hoping that its capabilities in application penetration testing will provide additional insight into possible vulnerabilities on a network or in systems.

Earlier versions of Impact were able to detect network devices but offered no capabilities for exploiting vulnerabilities, said Fred Pinkett, Core Security vice president of product management. This version offers the tools and exploits to break into a device. The software will allow the administrator, using publicly available exploit code, to verify that a malicious attacker could access the device, rename it, crack its list of passwords and monitor its activities.

The software's Network Information Gathering set of capabilities can scan a range of IP addresses and return a list of devices on the network, such as routers and switches. It can provide as many details as possible about each device, such as manufacturer, device, OS, and possible points of vulnerability.

Devices may contain access control lists and other information that can be useful to attackers trying to understand the topology of an enterprise's network. Devices are also a good point to intercept and reroute traffic.

"Network security devices can be areas of vulnerability exposure if not properly configured, managed and patched," said Diana Kelley principal analyst at analysis firm SecurityCurve, in a statement. "That's why a robust penetration testing plan includes these assets. Organizations need to understand if network device vulnerabilities exist and if these vulnerabilities can lead to data theft or other forms of compromise."

Testing for Web application vulnerabilities has been another focus area in this upgrade. Version 11 of the software also has been configured to work with a number of Web application vulnerability scanners, such as BM Rational AppScan and HP WebInspect. Once such scanners pinpoint probable vulnerable Web applications, an administrator could use Core Impact to test the applications against common exploits to see how they can be breached.

The software includes a number of new exploits that could be used against Web applications, including those for Persistent XSS (cross-site scripting) vulnerabilities and possible XSS vulnerabilities in Adobe Flash Objects.

Organizations and developers carry out penetration testing (also called PEN testing) as a way to check to see if their systems and programs can be accessed and manipulated by their vulnerabilities, Earlier this year, Core integrated the nearly exhaustive Metasploit framework of exploits into Core Impact.

"We continually look at new ways an attacker can get into an organization and start to put functionality in our product to test for those new attack vectors," said Mark Hatton, president and CEO of Core Security.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securitypatch managementsoftwareintrusionapplication developmentpatchesCompliance monitoringDevelopment toolsAccess control and authenticationExploits / vulnerabilitiesCore Security



Meet the leading customer-centric Microsoft channel partners

Meet the leading customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the leading customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments