Professional Penetration Testing: Hack Web Servers from Database to SSH
Proactively Identify and Address All OWASP Top 10 Threats
The Core Impact Web Application Rapid Penetration Test (RPT) automates and speeds the web application testing process for more frequent, repeatable and consistent security assessments.
Information Gathering and Scan Import
Crawl web pages and identify URLs to test
Import results from popular web application vulnerability scanners, including Acunetix® Web Security Scanner, Cenzic Enterprise®, HP WebInspect®, IBM Rational AppScan®, and NTOSpider®
Filter scan results and identify significant points of exposure
Fingerprint applications to select and run known exploits for off-the-shelf web applications
Gather information for dynamically creating exploits for custom applications
Impersonate authenticated users
Impersonate several browsers, including mobile browsers
Attack and Penetration
Core Impact Pro is the first and only automated, commercial-grade web application penetration testing solution to address the most prevalent security threats facing organizations today, including:
Injection (OWASP A1)
Broken Authentication and Session Management (OWASP A2)
Cross-Site Scripting (XSS) (OWASP A3)
Insecure Direct Object References (OWASP A4)
Security Misconfiguration (OWASP A5)
Sensitive Data Exposure (OWASP A6)
Missing Function Level Access Control (OWASP A7)
Cross-Site Request Forgery (OWASP A8)
Using Components with Known Vulnerabilities (OWASP A9)
Unvalidated Redirects and Forwards (OWASP A10)
Dynamic Exploits for Custom Web Applications
Testing custom applications for security vulnerabilities requires the creation of unique exploits. Impact dynamically creates customized exploits on the fly to safely replicate attacks against both proprietary and out-of-the-box web applications.
Other Web Application Testing Capabilities
In addition to addressing the OWASP Top 10, Impact enables you to:
Test PHP applications against Remote and Local File Inclusion
Exploit WebDAV configuration weaknesses
Evade firewalls
Reveal weak HTTPS encryption
Test surveillance cameras against web attacks
Detect vulnerabilities in SOAP-based or RESTful web services
Employ interactive crawling of a mobile application's web services backend
Cleanup and Reporting
Core Impact Pro is self-contained and safe for production systems, since it does not install or run code on compromised web servers during testing. Core Impact’s reports provide security professionals and developers with critical information for identifying security weaknesses, determining possible fixes, and prioritizing remediation efforts. Impact maintains audit trails of all tests performed, servers and databases accessed, and all actions taken during testing.