Core Impact is releasing something new this year. In the meantime, they made some updates to their product. First, they have a new agent written in Python so that it can be used against different types of environments and be even more flexible. Additionally, they’re staying on top of the latest threats by updating to the latest OWASP Top 10 list, making web application tests even more effective.
Core Impact agents are binary implants that can be placed into a remote host’s memory or file system. A new Python-based agent supports the exploitation and post-exploitation capabilities within any system supporting Python 2/3, including Raspberry Pi, macOS, or even IBM i. Such an agent could be used as a jumping-off point to perform an internal test from an external network, like a cloud environment.
This new agent highlights the importance of pen testing different parts of your IT environment, including less common systems and applications. Attackers often rely on defenders focusing elsewhere and use these less common environments to sneak in unnoticed, enabling them to pivot to other systems and linger for longer.
OWASP Top 10
The Open Web Application Security Project (OWASP) recently announced some exciting changes to its Top 10 list, which has long been regarded as a standard in the industry for application security. The new version includes some new categories, as well as renamed and redefined old ones. The new list is now:
- Broken Access Control
- Cryptographic Failures
- Injection
- Insecure Design
- Security Misconfiguration
- Vulnerable and Outdated Components
- Identification and Authentication Failures
- Software and Data Integrity Failures
- Security Logging and Monitoring Failures
- Server-Side Request Forgery
Enhance and upgrade your penetration testing capabilities. To get started, why not book a free consultation?
S4 Applications can help your business review its ability to protect assets and respond to cyber threats to help make vulnerability and threat management a strategic priority in your business.
Book a demo for Core Impact and contact us for a consultation.