Vulnerability management for Web applications

Core Security announced Core WebVerify Web application security software that provides organizations with actionable intelligence and analysis on indisputably critical vulnerabilities to remediate exposure to outside threats.

Core WebVerify is based upon the proven penetration testing capabilities of CORE IMPACT Pro, and safely replicates OWASP Top 10 vulnerabilities, an industry standard that organizations rely upon to focus their efforts to protect against outside threats.

It is designed to meet the need of IT security staff, quality assurance (QA) professionals and Web developers who need to test and prove the security of Web applications both within the development lifecycle and when in production for users.

With this solution you can:

• Identify and prove the exploitability of all OWASP Top Ten Web application vulnerabilities including cross-side scripting (XSS) and SQL injections
• Test customized applications with dynamic, targeted attacks
• Phish end users and measure the effectiveness of Internet security policies
• Validate the security of Web applications in production, within associated databases, Web servers and backend network systems
• Verify security levels before going into production or applying updates
• Remediate through precise intelligence and analysis to immediately address identified threats.

“Web applications are frequent targets for outside threats which make proactive security assessments crucial to deliver definitive answers about where and how applications can be breached,” said Alex Horan, senior product manager at Core Security. “Core WebVerify is borne out of a need and frustration that most security people share; namely the pressure to test more in less time and with more meaningful results. People tasked with assessing the security of Web applications, which are often already live and in use, usually don’t have time to validate or process the results of scans.”