Mitigating web application vulnerabilities typically requires developers to rework code, so it’s critical for • demonstrate the potential
web application security testing to pinpoint actual threats and eliminate false positives. IMPACT Pro both consequences of a successful attack
identifies potential vulnerabilities and validates them against web application exploits. By revealing how
• gather information necessary for
and where a data breach could unfold and by exposing at-risk information assets, IMPACT Pro enables you to addressing security issues and
work with developers to confidently plan remediation efforts and avoid unnecessary code changes for both preventing data incidents
new and existing applications.
Successfully Testing Your
Replicate attacks that extend to backend network systems Custom Web Applications
Web applications don’t exist in a vacuum and are typically networked to other systems. Consequently, a
compromised web application can open the door to attacks on other network assets, compounding the Most web applications are custom-
built or highly specialized. Because
damage caused by the initial breach. With the addition of web application testing to its comprehensive
of the level of customization, testing
network, endpoint and wireless security testing capabilities, IMPACT Pro enables you to safely assess your applications for security vulnerabilities
security against attacks that cross all three vectors. For instance, IMPACT Pro can replicate an attack that requires the creation of unique exploits.
initially compromises a web server or end-user workstation and then tunnels to backend network systems.
Only IMPACT Pro allows you to test information security in the face of such complex attacks. CORE IMPACT Pro goes beyond web
application vulnerability scanning
by dynamically creating customized
THE WEB APPLICATION RAPID PENETRATION TEST exploits on-the-fly, which can safely
replicate data breach attempts against
CORE IMPACT Pro’s Web Application Rapid Penetration Test (RPT) reduces the time and technical skill both proprietary and out-of-the-box
required to effectively test the security of web applications. The RPT brings speed and efficiency to web apps.
the entire security testing process, allowing you to accurately and safely identify security weaknesses,
demonstrate the potential consequences of an attack, and garner information that can help you prevent Gaining Actionable Data for
actual data incidents. Web Application Risk Mitigation
• Open a Command Shell - enables you to run OS commands on the web server
• Open a PHP Console - enables you to interact with the web application and server; provides access to
backend databases and programs associated with the web application
• Install IMPACT OS Agent (see sidebar)