top of page

Professional Penetration Testing: Hack Web Servers from Database to SSH

Proactively Identify and Address All OWASP Top 10 Threats

The Core Impact Web Application Rapid Penetration Test (RPT) automates and speeds the web application testing process for more frequent, repeatable and consistent security assessments.

Information Gathering and Scan Import

  • Crawl web pages and identify URLs to test

  • Import results from popular web application vulnerability scanners, including Acunetix® Web Security Scanner, Cenzic Enterprise®, HP WebInspect®, IBM Rational AppScan®, and NTOSpider®

  • Filter scan results and identify significant points of exposure

  • Fingerprint applications to select and run known exploits for off-the-shelf web applications

  • Gather information for dynamically creating exploits for custom applications

  • Impersonate authenticated users!

  • Impersonate several browsers, including mobile browsers

Attack and Penetration

Core Impact Pro is the first and only automated, commercial-grade web application penetration testing solution to address the most prevalent security threats facing organizations today, including:

  • Injection (OWASP A1)

  • Broken Authentication and Session Management (OWASP A2)

  • Cross-Site Scripting (XSS) (OWASP A3)

  • Insecure Direct Object References (OWASP A4)

  • Security Misconfiguration (OWASP A5)

  • Sensitive Data Exposure (OWASP A6)

  • Missing Function Level Access Control (OWASP A7)

  • Cross-Site Request Forgery (OWASP A8)

  • Using Components with Known Vulnerabilities (OWASP A9)

  • Unvalidated Redirects and Forwards (OWASP A10)

Dynamic Exploits for Custom Web Applications

Testing custom applications for security vulnerabilities requires the creation of unique exploits. Impact dynamically creates customized exploits on-the-fly to safely replicate attacks against both proprietary and out-of-the-box web applications.

Other Web Application Testing Capabilities

In addition to addressing the OWASP Top 10, Impact enables you to:

  • Test PHP applications against Remote and Local File Inclusion

  • Exploit WebDAV configuration weaknesses

  • Evade firewalls

  • Reveal weak HTTPS encryption

  • Test surveillance cameras against web attacks

  • Detect vulnerabilities in SOAP-based or RESTful web services

  • Employ interactive crawling of a mobile application web services backend

Cleanup and Reporting

Core Impact Pro is self-contained and safe for production systems, since it does not install or run code on compromised web servers during testing. Core Impact’s reports provide security professionals and developers with critical information for identifying security weaknesses, determining possible fixes, and prioritizing remediation efforts. Impact maintains audit trails of all tests performed, servers and databases accessed, and all actions taken during testing.

Recent Posts 
Serach By Tags
No tags yet.
bottom of page