XML, SOAP, REST Testing for SOA and Cloud Computing

SOA Testing

Subscribe to SOA Testing: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get SOA Testing: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

SOA Testing Authors: Mamoon Yunus, John Savageau, Tim Hinds, SOASTA Blog, Hervé Servy

Related Topics: Enterprise Mashups, VMware Journal, Twitter on Ulitzer, SOA Best Practices Digest, SOA & WOA Magazine, SOA in the Cloud Expo, Government News, SOA Testing

News Feed Item

CORE Security Releases Surveillance Camera, Enhanced Web Services Capabilities with CORE Impact Pro 2013 R2

CORE Security®, a leading provider of predictive security intelligence solutions, today announced the release of CORE Impact® Pro 2013 R2, the latest version of the company’s professional vulnerability assessment and penetration testing software, that allows organizations to proactively test IT infrastructure and identify exactly where and how an organization’s critical data can be breached.

CORE Impact Pro 2013 R2 introduces new surveillance camera capabilities that test networked cameras for vulnerabilities and authentication weaknesses, which Impact can leverage to provide access to the compromised camera’s video feed. This version also extends the product’s web application testing capabilities to identify vulnerabilities in Web Services used in Web 2.0 and AJAX applications. In addition, the new version contains enhanced remediation and validation reporting. Impact 2013 R2 is supported by the company’s extensive library of more than 3,100 commercial-grade exploits and other attack techniques.

Millions of surveillance cameras are being added to networks at enterprises and organizations, globally. With the added ability to monitor activities comes the added risk of more potentially unprotected devices on the network. CORE Labs has done extensive research on surveillance camera vulnerabilities and has published several advisories on the subject. The added surveillance camera capabilities provide security professionals with the ability to fingerprint and assess the security posture of these devices, as they currently do with other networked devices.

“The new surveillance camera capabilities are a big step forward for the industry. Surveillance cameras are one of the fastest growing security measures being taken by the likes of public institutions like airports, as well as private institutions like financial institutions, large office buildings, and casinos. Technology innovations such as hi-def video and 360 degree field of view have led to these surveillance cameras becoming as capable as a standard PC – making them attractive targets for attackers to gain entry into the deepest part of IT infrastructure,” said Milan Shah, senior vice president of Products and Engineering at CORE Security. “It is crucial that these surveillance cameras be deployed and managed in a secure manner. As a leader in security research and the security market, we have combined the advanced technical capabilities driven by our researchers at CORE Labs with our customers’ input to continue to deliver new comprehensive solutions to the market.”

CORE Impact Pro 2013 R2 also supports SOAP and REST (using JSON) Web Services testing. During the web application information gathering CORE Impact identifies Web Services definitions and calls, adding them to the list of items to test. Impact supports automatic discovery of web services, but in cases where that is not sufficient, Impact offers an “interactive web crawling” feature that allows a user to dig deeper into an application by manually interacting with the application. As part of the web application attack and penetration phase, Impact will look for SQL Injection and OS Command Injection vulnerabilities against the discovered Web Services, resulting in an installed agent when a vulnerability is successfully exploited.

The new Impact version also includes enhanced validation and reporting capabilities to assist security professionals with distributing important security information. These enhanced reports compare the workspace's original results with those after remediation efforts have been performed. This historical view eliminates the need to have detailed knowledge of a specific pen test that may have been completed in a prior timeframe, by another team member or third-party tester. By using the remediation validation functionality Impact stores all the required information allowing users to verify the current status of previously detected issues by just following a simple wizard.

In addition to the features listed above, Impact 2013 R2 also includes:

  • Web Application Remediation Validation capabilities, extending the functionality served in R1 that was highly requested and widely used by our customers
  • SQL agent support in network vector to attack available databases, especially useful when the target environment prevented the tester from installing an OS agent but a database is compromised
  • Extended “Teaming” support, now allowing red teams to execute coordinated Client-Side, Web Application, and Web Services penetration testing exercises
  • New “Identity Verifiers”, now including support for testing identities against RDP (Terminal Services), RTSP, and VMWare services
  • Tighter “Nessus” integration, allowing Impact users to directly connect a remote Nessus server instead of requiring importing the data from a local file
  • And “Nmap” RPT integration, among other numerous improvements

More about CORE Impact Pro:

CORE Impact® Pro is the most comprehensive software solution for assessing the real-world security of web applications, network systems, endpoint systems, email users, mobile devices, wireless networks, and network devices. Backed by CORE Security’s ongoing vulnerability research, Impact Pro allows you to take security testing to the next level by safely replicating a broad range of data breach threats. As a result, you can identify exactly where and how your organization’s critical data can be breached. Learn more about CORE Impact Pro penetration testing software at http://www.coresecurity.com/core-impact-pro.

About CORE Security

CORE Security is the leading provider of predictive security intelligence solutions for enterprises and government organizations. We help more than 1,400 customers worldwide preempt critical security threats throughout their IT environments, and communicate the risk the threats pose to the business. Our patented, proven, award-winning enterprise solutions are backed by more than 15 years of applied expertise from CORE Labs, the company’s innovative security research center. For more information, visit www.coresecurity.com.

CORE Security, CORE Impact, CORE Impact Professional, CORE Secured, and CORE Labs are registered trademarks and/ or trademarks of CORE SDI, Inc. in the United States and/or other countries. All other products and services are trademarks of their respective owners.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.