8 Tips for Penetration Testing

Posted by Ashley Sims - Marketing Manager on Tue, May 24, 2016

You think that you're safe, that your network is secure, that your firewalls are protecting you - but how will you know if you don't test it? 

A penetration test, or pen test, is an attempt to evaluate the security of an IT infrastructure by safely tring to exploit vulnerabilities. You may have also hear the term "Red Hat" or "White Hat" when it comes to testing because, while they are trying to hack into your system, these "attackers" are doing so in an ethical effort to find the vulnerable parts of your network in order to patch them. 

There are many options for penetration testing - either manual or automated, a pen test systematically compromises servers, endpoints, web applications, wireless networks, network devices, mobile devices, and other points of exposure. 

With so many things to test and so many options for testing, how do you know if you're getting the most out of your test? 

Download 8 tips to help you get the most out of your penetration test. 



Tags: vulnerability management, vulnerability, pen-testing, penetration testing

Core Impact 2016 R1 Now Available

Posted by Ashley Sims - Marketing Manager on Tue, May 17, 2016

We are thrilled to announce the official release of Core Impact 2016 R1. With this release, Core Security continues to provide the most comprehensive software solution that proactively assesses any security posture of an organization.

The new capabilities released in Core Impact Pro 2016 R1 include:

  • Interactive Support for Web Application Record Login
  • Flexible and customizable reporting
  • Network vector enhancements

Interactive support for Web Application Record Login

In addition to the Web Application Record Login introduced in the last release, we have added support for those scenarios where the engine needs help from the user during the authentication process due to a challenge response test. One example of such functionality is CAPTCHA.

With Core Impact Pro 2016 R1 Record Login Assistant, you can now mark some authentication steps as interactive. When these steps are play backed during the WebApps Information Gathering phase, the user is prompted for input on those marked as interactive, and resume the remaining operations once that input is completed. Core_Impact_Pro_2016_R1_Pic.jpg

Flexible and Customizable Reporting

The introduction of Flexible and Customizable Reporting in the last release was one of the biggest requests from customers over the years and has had a lot of success.

With this release, we have re-engineered the structure and contents of our network existing reports (including Wi-Fi, Mobile, and MiTM) creating a set of new reports which provides more comprehensive information of the networks being tested. All these reports allow users to export to Microsoft Excel and customize many things including vulnerability tables, graphics, and company logos according to their needs. Users are able to save changes as a new template to be used as the base for future report generation.

Network vector enhancements

We have added many new features based on extensive customer feedback, including:

  • Kerberos support for network SQL Agent
  • Agent Persistency using WMI enhancements
  • Improved OSX El Capitan Agent support
  • Domain replication functionality
  • SWF Evasion and polymorphic code
  • Python VM upgrade

For more information on the newest release, download our datasheetor request a demo of Core Impact 2016 R1.


Tags: core security, core impact, pen-testing, penetration testing