• book demo
  • request trial

Penetration Testing with Core Impact Pro

 

Core Impact Pro

Attack Intelligence Platform

Click image to zoom

Core Impact Pro is the most comprehensive solution for assessing and testing security vulnerabilities throughout your organization.

Leveraging commercial-grade exploits, users can take security testing to the next level when assessing and validating security vulnerabilities. Backed by 15+ years of leading-edge security research and commercial-grade development, Core Impact Pro allows you to evaluate your security posture using the same techniques employed by today’s cyber-criminals.

To effectively protect your organization's information assets, a vulnerability management strategy must encompass multiple steps - from scanning to remediation:

  • Scan network servers, workstations, firewalls, routers and various applications for vulnerabilities.
  • Identify which vulnerabilities pose real threats to your network.
  • Determine the potential impact of exploited vulnerabilities.
  • Prioritize and execute remediation efforts.

Scanning applications can provide a key component to the vulnerability management process by helping you to understand your organization's potential vulnerabilities. Penetration testing with Core Impact builds on this process by identifying which vulnerabilities are real, while determining if and how they can be exploited. This gives you the information you need to intelligently prioritize remediation efforts and effectively allocate security resources.

Enterprise-grade Penetration Testing

Core Impact integrates with the most widely-used vulnerability scanners, allowing you to import scan results and run exploits to test identified vulnerabilities. However, you don't need to have a vulnerability scanner to use Impact. In the Information Gathering phase, Impact will independently identify servers, services, etc., enabling it to intelligently determine the appropriate exploits to run.

Meet regulatory requirements and avoid fines

Penetration testing tools like Core Impact Pro help organizations address the general auditing/compliance aspects of regulations such as GLBA, HIPAA and Sarbanes-Oxley, and specifically addresses testing requirements documented in the PCI-DSS and federal FISMA/NIST mandates. The detailed reports that penetration tests generate can help organizations avoid significant fines for non-compliance and allow them to illustrate ongoing due diligence in to assessors by maintaining required security controls to auditors.

Intelligently manage vulnerabilities

Core Impact Pro provides detailed information on actual, exploitable security threats. By performing a penetration test, you can proactively identify which vulnerabilities are most critical, which are less significant, and which are false positives. This allows your organization to more intelligently prioritize remediation, apply needed security patches and allocate security resources more efficiently to ensure that they are available when and where they are needed most.

CloudCypher

CloudCypher works with Windows NTLM Hashes discovered by Core Impact during testing and attempts to determine plaintext passwords for those hashes. Any discovered passwords will be passed back to the Impact workspace that requested them. This is done through the use of modules; the original module that submitted the hashes should be used to retrieve the resulting passwords. These passwords can then be used for additional security testing. 

What it Tests

Resources

Visit the Core Impact Pro Resources Center for data sheets, product reviews, whitepapers and more.

 

New Features

Introducing Core Impact Pro 2014 R1

New capabilities include:

  • Web Services for Mobile
  • OWASP Top Ten Update
  • SCADA Pack Update
  • Windows 8.1 support

learn more >

Awards

  • CORE Impact 2013 R1 Named SC Magazine Best Buy

Training & Support

We're commited to providing customers with responsive and thorough training, certification and support.

learn more >

Intro to Penetration Testing