• Products

• Products Overview

• CORE INSIGHT Enterprise
  Security Testing Solution
  • Overview
  • How It Works
  • Dashboards
  • Demos
  • Data Sheets and White Papers
  • Comparing CORE INSIGHT to CORE IMPACT
  • How to Buy

• CORE IMPACT Pro
  Penetration Testing Software
  • Overview
  • What It Tests
    • End Users
    • Endpoint Systems
    • Mobile Devices
    • Network Devices
    • Network Systems
    • Web Applications
    • Wireless Networks
    • IPS/IDS, Firewalls and Other Defenses
    • Vulnerabilities Identified by Scanners
  • How It Works
  • Features and Benefits
    • Overview
    • Exploits You Can Trust
    • How Our Exploits Work
    • About Our Client-Side Exploits
    • About Our Agents
  • Vulnerability Scanner Integration
  • Reporting
  • What's New
  • Security Updates
  • Demos
    • Impact
  • Data Sheets, White Papers and Other Resources
  • Intro To Penetration Testing
    • What Is Penetration Testing?
    • Comparing Security Testing Options
    • What To Look For
    • Independent Penetration Testing Resources
    • Conducting Penetration Tests
  • Comparing CORE IMPACT to CORE INSIGHT
  • Training, Certification and Support
  • How to Buy

• Core WebVerify Web
  Application Security Testing Software
• Overview
• Web Application Vulnerability Coverage
• WebVerify vs. Scanners
• Reveal Implications of Application Vulnerabilities

• Core CloudInspect Cloud Security Testing for AWS

• Demos and Evaluations

• The Research Behind Our Products

• Why Our Products are Safe

• How to Buy

SHARE

Reveal Implications of Application Vulnerabilities

Core WebVerify offers powerful infrastructure and end-user testing capabilities that enable you to demonstrate how an attacker could proceed after compromising the web application.

Post-Exploitation Capabilities for Infrastructure Security Testing

• Assess the security of the underlying web and database servers against remote exploits targeting OS, services and system application weaknesses.
• Determine whether an attacker could gain administrative privileges on the web server via privilege escalation techniques.
• Pivot from the web server to a backend system, proving whether an initial application compromise would open the door to a breach of the internal network.
• Get remediation information about available patches and other necessary security updates.

Post-Exploitation Capabilities for End-User & Endpoint Security Testing

• Validate XSS exposures by crafting and emailing URLs that exploit XSS vulnerabilities.
• Assess employee security awareness by leveraging email addresses found in exposed databases in real-world phishing attacks.
• Leverage email templates for common types of phishing attacks, or create custom spear phishing emails.
• Identify exploitable OS, services and application vulnerabilities on endpoint machines compromised by XSS and phishing attacks.
• Trace email clickthroughs and data leakage through web forms.

• Return to the product overview page
• Learn about web application vulnerability coverage
• Learn how WebVerify compares to Scanners
• Download the product overview data sheet