Core Impact is the most comprehensive solution for assessing and testing security vulnerabilities throughout your organization. Core Impact is the only solution that empowers you to replicate attacks that pivot across systems, devices, and applications, revealing how chains of exploitable vulnerabilities open paths to your organization’s mission-critical systems and data.
Comprehensive multi-vector penetration testing
With 15+ years of leading-edge security research and commercial-grade development, Core Impact Pro allows you to evaluate your security posture using the same techniques employed by today’s cyber-criminals. With Core Impact Pro, you can:
- Leverage true multi-vector testing capabilities across network, web, mobile, and wireless
- Test with 25% more unique Common Vulnerability Exploits (CVE) than the competition
- Validate patching efforts to ensure vulnerabilities were remediated correctly
Core Impact Pro is the only solution that empowers you to replicate attacks that pivot across systems, devices and applications, revealing how chains of exploitable vulnerabilities open paths to your organization’s mission-critical systems and data.
Your organization’s servers and workstations make up the backbone of your IT infrastructure and house some of its most important information assets. Core Impact Pro gives you visibility into the effectiveness of your endpoint defenses and reveals where your most pressing risks exist across your network.
Core Impact Pro offers the most comprehensive web application penetration testing capabilities available in one solution. Only Impact integrates web application testing with network, endpoint and wireless testing, enabling you to assess your organization’s ability to detect, prevent and respond to real-world, multi-staged threats.
Test endpoint systems with commercial-grade client-side exploits in a controlled manner using a simple interface. Endpoint penetration testing through Core Impact Pro lets you test desktops, laptops, and workstations for various vulnerabilities, in addition to gauging the effectiveness of anti-virus, IDS, and other perimeter defenses.
Multi-Vector Penetration Testing Solution with Core Impact Pro
Core Impact® Pro is the most comprehensive, commercial-grade penetration testing product available, enabling you to conduct real-world assessments across a broad spectrum of risk areas, including:
Web Application Penetration Testing
Web Application Penetration Testing with Core Impact Pro allows you to pinpoint exploitable Cross-Site Scripting, SQL Injection and all other OWASP Top 10 vulnerabilities in your web applications, not only giving visibility into where application weaknesses exist, but also determining how they can open the door to subsequent network-based attacks.
End-User Security Awareness Testing
End-User Security Awareness Testing with Core Impact Pro determines the susceptibility of email users to social engineering attacks, assesses the overall security of their systems, and depicts how individual client-side exposures can be linked to large-scale breaches of backend servers.
Endpoint Penetration Testing
Core Impact Pro enables you to penetration test standard desktop images prior to deployment in your live environment.
Mobile Device Penetration Testing
Mobile device penetration testing with Impact Pro pinpoints and addresses gaps in end-user awareness and security exposures in their devices before attackers do. With Core Impact Pro’s Mobile Device Penetration Testing capabilities, you can demonstrate the exploitability of iPhone®, Android™ and BlackBerry® smart phones using the same attack techniques employed by criminals today.
Network Penetration Testing
Network Penetration Testing with Core Impact Pro replicates the actions of an attacker taking advantage of OS, service and application weaknesses across network systems, revealing where exploitable vulnerabilities are, how they can be linked to traverse your network, how defenses react, and what remediation steps are necessary.
Password and Identity Cracking
CloudCypher, a new online service from Core, works with Windows NTLM hashes discovered by Impact Pro during testing and attempts to determine plaintext passwords for those hashes. Any passwords that are determined will be passed back to the Impact Pro workspace that requested them. This is done through the use of modules: the original module that submitted the hashes is used to retrieve the resulting passwords. These obtained passwords can then be used for additional security testing. CloudCypher was created and is managed by Core and hosted within Amazon Web Services.
Wireless Network Penetration Testing
Wireless Penetration Testing with Core Impact Pro allows IT security managers to identify at-risk wireless networks, crack encryption codes, and trace attack paths from initial points of wireless exposure to backend resources housing critical data — gaining actionable data at each step for efficient remediation.
Testing the Efficacy of IPS/IDS, Firewalls and Other Defenses
Using Core Impact software solutions, you can proactively test the efficacy of your network, endpoint, web application, wireless, and email defenses, both to ensure that these technologies are working properly and to aid in the process of evaluating products to determine ROI and influence future buying decisions.
Validating Vulnerabilities Identified by Scanners
Core Impact integrates with the most widely-used network and web vulnerability scanners, allowing you to import scan results and run exploits to test identified vulnerabilities.
SCADA Security Testing
Core Security is partnering with ExCraft labs, a Core Secured Partner that has created numerous exploits specifically for SCADA systems. These exploits are utilized in Core Impact Pro.
Network Device Penetration Testing
Impact Pro is the first commercial-grade penetration testing software that can specifically target network devices and prove how a single intrusion could escalate into a widespread data breach.
Validate Network and Web Vulnerability Scan Results
To effectively protect your organization’s information assets, a vulnerability management strategy must encompass multiple steps – from scanning to remediation:
- Scan network servers, workstations, firewalls, routers and various applications for vulnerabilities.
- Identify which vulnerabilities pose real threats to your network.
- Determine the potential impact of exploited vulnerabilities.
- Prioritize and execute remediation efforts.
Scanning applications can provide a key component to the vulnerability management process by helping you to understand your organization’s potential vulnerabilities. Penetration testing with Core Impact builds on this process by identifying which vulnerabilities are real, while determining if and how they can be exploited. This gives you the information you need to intelligently prioritize remediation efforts and effectively allocate security resources.
Core Impact Pro Penetration Testing Reports
One of the most valuable features of Core Impact Pro is its ability to arm users with the actionable data that they need to drive ongoing IT vulnerability and security management operations. From generating detailed vulnerability exposure details that allow organizations to target remediation efforts, to providing IT and security managers with metrics that illustrate how well their layered point solution defenses are working – or whether they’re compliant with various industry regulations, Core Impact Pro’s onboard reports deliver the powerful information that organizations need to address their most significant weaknesses and help minimize risks.
- Wellness Report
A comprehensive report that reflects the depth of testing required to return the completed testing results. The Wellness Report details all exploits attempted – not just successful exploits.
- Executive Summary Report
A single-page, high-level summary of penetration testing activities and results in a visual format that both IT and business users can understand.
- Attack Path Report
Presents a powerful visual representation of the manner in which tests are able to exploit individual vulnerabilities and achieve subsequent access to other systems and applications.
- PCI Vulnerability Validation Report
The PCI Vulnerability Validation Report provides results of penetration testing performed with the goal of remaining compliant with the Payment Card Industry (PCI) Data Security Standard.
- FISMA Vulnerability Validation Report
Provides results of penetration testing performed by government entities and other organizations working to remain compliant with the Federal Information Security Management Act of 2002 (FISMA).
- Delta Report
Synthesizes a wide range of various testing results to give organizations an integrated view into vulnerabilities resident across a range of different assets, including network systems and client systems.
- Trend Report
With the Trend Report, Impact Pro users can track data from up to 52 penetration tests over time, graphically representing changes in an organization’s security posture as exploitable vulnerabilities are identified, remediated and re-tested.
- Web Application Vulnerability Report
Provides comprehensive information about every security flaw that can be successfully exploited during penetration testing, including those available to SQL Injection, Cross-Site Scripting and Remote File Inclusion attacks.
- Web Application Executive Report
Provides summarized information of every vulnerable web page found during testing and how those problems can be exploited by real-world attackers.
- Activity Report
Offers a detailed log of all testing activity that is being carried out, including the relevant data that organizations might need to share with auditors reviewing their security programs.
- Host Report
Provides Impact Pro users with precise details regarding how their systems and applications can be compromised via real-world hacking or malware attempts.
- Vulnerabilities Report
Provides Impact Pro users with specific details about all the weaknesses successfully exploited during penetration testing and how those flaws can be used by attackers to obtain control of a tested system and establish a beachhead for subsequent activity.
- Client-Side Penetration Test Report
Provides detailed results of assessments performed on endpoints and end users, including information about any social engineering tactics utilized to trigger tests.
- Client-Side User Report
Helps organizations understand exactly how well their end users stand up to social engineering attacks involving both e-mail and Web-based delivery models, including spear phishing assessments.
- Discovered Identities Report
With large-scale patching of environments becoming easier to perform, attackers are switching to the attempted use of default and common identities to gain authenticated access to targeted systems. This report represents the ability of an attacker to leverage identities in this targeted environment.
- Wireless Penetration Test Report
Details wireless networks discovered, client-to-access point relationships, and access point profile information. Also includes information about which networks were tested against attacks, which were successfully compromised, and which weaknesses allowed the compromise.
- Mobile Device Reports
Records information on all mobile devices accessed during testing.
- Network Remediation Validation Report
This report shows the effectiveness of the mitigation effort applied following the risk assessment of a network.
- Webapps Remediation Validation Report
This report shows the effectiveness of the mitigation effort applied following the risk assessment of web applications. A retest of each originally identified and reported risk factor was performed and this report illustrates any vulnerabilities that were still found to be present on the environment that was tested.