Title
CORE IMPACT: Penetration Test Automation
Authors
Iván Arce
In
White paper
Date published
2001
Keywords
Penetration testing, CORE IMPACT

Abstract

Over the past few decades the information security industry has changed drastically. New products and services have emerged to address the increasingly complex scenario created by today’s multitude of technologies and their interconnectivity. The appearance and market acceptance of firewalls, VPN solutions, PKI, vulnerability scanner software and intrusion detection systems is a clear sign of the evolution of market awareness. Organizations are becoming more aware of the importance of security not only for protecting their assets but also for successfully conducting their business day-to-day.

As the information security market has changed, so have the services provided by its consulting firms and specialized security companies. Long-used practices have evolved to new standards in terms of quality, and new services have emerged as accepted practices for the risk assessment and mitigation process.

In this context, Penetration Tests have quickly become an accepted practice to assess and improve a company’s system security in a world of would-be attackers.

However, the practice is still in an early stage of development, relying largely on informal knowledge, hacker handiwork, scarce security expertise and the quick and successful execution of a set of time-constrained tasks throughout a consulting engagement.

CORE IMPACT provides a comprehensive framework to perform penetration tests within a controlled environment that makes it possible to define and enforce a methodology, increase the consulting team productivity, leverage the generation and acquisition of knowledge and security expertise through successive engagements, and elevate the practice to the new standards of quality required by today’s organizations.

Attachments