XML, SOAP, REST Testing for SOA and Cloud Computing

SOA Testing

Subscribe to SOA Testing: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get SOA Testing: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

SOA Testing Authors: Mamoon Yunus, John Savageau, Tim Hinds, SOASTA Blog, Hervé Servy

Related Topics: PC Security Journal, Ubuntu Linux Journal, SOA Best Practices Digest, Security Journal, Farming & Forestry, SOA & WOA Magazine, SOA in the Cloud Expo, Government News, Sarbanes Oxley on Ulitzer, SOA Testing

News Feed Item

CORE Security Adds Web Services Testing for Mobile Applications, Updated OWASP Top 10 and CVE Identifiers Support to Latest Version of CORE Impact Pro

CORE Security®, a leading provider of predictive security intelligence solutions, today announced the release of CORE Impact® Pro 2014 R1, the latest version of its vulnerability assessment and penetration testing software. This software allows organizations to proactively test IT infrastructure and identify where and how an organization’s critical data can be breached.

This latest version advances Impact’s state-of-the-art functionality, strengthens existing mobile and web services testing capabilities, and adds compliance for a series of new industry standards. CORE Impact Pro 2014 R1 adds the ability to test the web services used by mobile client applications, support for the latest OWASP Top 10, compatibility with the recently updated MITRE CVE Identifiers, and HTTP/HTTPS communication channels to exploited 32-bit Linux machines. In addition to these new features, CORE Impact Pro 2014 R1 is supported by the company’s extensive library of nearly 3,000 commercial-grade exploits and other attack techniques.

With CORE Impact 2014 R1, users are now able to test web services used by mobile applications. When performing web services testing, CORE Impact Pro sits in between a mobile app and its backend application server. CORE Impact Pro will then harvest the server requests and use these as a baseline to test the target backend web services and identify vulnerabilities in them. This simulates what a malicious attacker may do in order to exploit and extract information from the servers. With CORE Impact Pro, developers can be sure that the web services used by mobile applications are not vulnerable to a malicious attack.

The latest version also supports the most-recent OWASP Top 10 list; this list publicizes the most-critical web application security flaws as determined by Open Web Application Security Project (OWASP), a nonprofit, vendor-independent IT security organization. CORE Impact Pro's one-step WebApps vulnerability test allows users to target web applications in order to evaluate their vulnerability to known exploits on the OWASP Top 10 list. The OWASP Top 10 represents a broad consensus about the most-critical web application security flaws.

“As a long-time user, I always look forward to the latest version of CORE Impact Pro and the new functionality it delivers,” said Daryl Kellison, Director of Assessment and Exploitation Services for Axxum Technologies. “We are a leading provider of advanced security services to the government sector, and in that role, we are pleased to be a part of the CORE Secured partner program. This tighter alignment will allow us to fully leverage the CORE solutions to meet our customers’ growing needs for security testing services.”

CORE Impact Pro 2014 R1 expands its multi-platform support by providing HTTP/HTTPS communications channels for 32-bit Linux platforms. This allows deployed agents to communicate securely via encrypted channels, thereby helping to avoid detection by IPS systems.

“We continue to build on Impact’s deep heritage and this year’s version is the latest example of our commitment to meeting the needs of the penetration testing and vulnerability assessment market,” said Milan Shah, senior vice president of Products and Engineering at CORE Security. “Mobile applications are growing at incredible rates. Giving developers of these applications the ability to test new applications prior to release helps to avoid security vulnerabilities. We’ve also built on the HTTP/HTTPS communications channels capabilities of prior versions to offer these on a 32-bit Linux platform. This latest version of Impact addresses many of the requests we get from our installed base of dedicated users.”

More about CORE Impact Pro:

CORE Impact® Pro is the most comprehensive software solution for assessing the real-world security of web applications, network systems, endpoint systems, email users, mobile devices, wireless networks, and network devices. Backed by CORE Security’s ongoing vulnerability research, Impact Pro allows users to take security testing to the next level by safely replicating a broad range of data breach threats. As a result, testers can identify where and how your organization’s critical data can be breached. Learn more about CORE Impact Pro penetration testing software at http://www.coresecurity.com/core-impact-pro.

About CORE Security

CORE Security is the leading provider of predictive security intelligence solutions for enterprises and government organizations. We help more than 1,400 customers worldwide preempt critical security threats throughout their IT environments, and communicate the risk the threats pose to the business. Our patented, proven, award-winning enterprise solutions are backed by more than 15 years of applied expertise from CORE Labs, the company’s innovative security research center. For more information, visit www.coresecurity.com.

CORE Security, CORE Impact, CORE Impact Professional, CORE Secured, and CORE Labs are registered trademarks and/ or trademarks of CORE SDI, Inc. in the United States and/or other countries. All other products and services are trademarks of their respective owners.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.