Penetration testing for mobile phones
Core Security announced the Core Impact Pro v12 penetration testing software, a commercial-grade solution that pinpoints security exposures in Android, BlackBerry and iPhone mobile devices to help prevent the theft and compromise of sensitive enterprise data accessible deeply within them.
The solution significantly advances the use of the community-developed Metasploit Framework through features that meet strict enterprise requirements for effective use of open-source exploits. Metasploit Framework exploits effectively supplement Core Security’s vast library of commercial-grade exploits.
Additionally, Core Impact Pro now supports IPv6 environments, provides assessment capabilities for all OWASP Top Ten Web application vulnerabilities, and establishes VPN pivots on Windows and Linux systems.
The solution assesses the real-world security of Web applications, network and endpoint systems, mobile and network devices, wireless networks, email users and information security policies. The penetration testing software solution safely replicates a broad range of threats.
New mobile device penetration testing capabilities include:
- Evaluate Android, BlackBerry and iPhone mobile device security, prior to deployment
- Identify and prove critical exposures to data, just as deeply as criminals (retrieve phone call, SMS and MMS information, download contacts, gather GPS location data)
- Assess end-user security awareness using common social engineering techniques (phishing emails and texts, Web form impersonation, fake wireless access points, wireless Man-in-the-Middle attacks)
- Gain actionable data and reports on mobile device security
Advanced usage of Metasploit exploits:
- Run Metasploit Framework exploits through any pivot point to remotely launch exploits against compromised systems, regardless of where they fall on the attack path revealed during testing
- Increased testing scope to reflect a broader range of attacks, by selecting and identifying Metasploit Framework exploits using built-in selection capabilities
- Deploy Core Security’s agent payload to take advantage of advanced post-exploitation and pivoting capabilities, based on exploits created by either Core Security or Metasploit Framework
- Encrypt all agent payload communications for penetration testing
Support for OWASP Top Ten, IPv6 and VPN pivoting:
- Assessment capabilities that address all OWASP Top Ten Web application vulnerabilities
- Includes cross-site request forgery, OS command injection, and unvalidated redirects and forwards
- Security assessments that now target and attack over IPv6 systems
- VPN pivoting on both Windows and Linux systems
- Run vulnerability scanners and other complementary solutions against targeted systems
- Enhanced anti-virus evasion