Penetration testing: Core Security by ProQuest


» PRODUCTS | Industry innovators

Penetration testing: Core Security
Flagship product: Core Impact Pro v7.6
Vendor: Core Security Tech.
Cost: $30,000 for annual license to test unlimited range of IP addresses
Innovation: Forward thinking, clear-sighted analysis of the needs of their market and solid commitment to producing a useful penetration testing tool
Greatest strength: Analytical insight

I just love these folks. Take the best open source pen testing tool you can think of, put it on steroids, give it a user interface that makes it simple and fast to pen test in a production environment without losing the granularity of manual testing if you need it, and you have Core Impact. Well, almost.

Every year I say that I am going to find a better tool, and I actually do comb the market – unsuccessfully. It’s not just that Core Security has a very complete script library – everyone has that or, at least, claims to. It’s how they implement it.

I had an interesting discussion about that with one of my students at the university recently. His position was that he would rather write and use his own tools than use a “canned” tool, such as Core Impact.

He’s not alone. There are a lot of engineers who feel that way, until they need to make production deadlines in operational systems. The workloads of most security engineers preclude the use of the types of tools we write for ourselves. There are never-ending challenges for the information security and IT departments in most organizations. Periodic pen testing is just one of them.

What I really like about Core Impact is that it is the tool I would write for myself if I had time. It is that and then some. Moreover, there is a whole team of engineers and researchers at Core developing new test scripts. What does it take to come up with this type of tool? (And, by the way, that includes Core Essentials, its little sister, a fully automated scanner version that does its job with just a few mouse clicks.) It takes solid commitment to one of my primary principles: Don’t think outside the box. Rather, refuse to admit that the box exists in the first place.

I’ve been watching Core since they started up, and they are innovators because innovation is their company personality. It seems a bit strange to say that they are innovators because they are innovators, but that circular argument certainly applies here.

What’s in store the next 12 to 18 months at Core? They are doing more with wireless testing, more application testing and working on testing vulnerabilities specific to particular vertical markets.

Threat analysis: NitroSecurity
How do you differentiate a
is analyze it. Sounds like a SIEM