At the Cloud Computing Expo taking place this week in New York City, Core Security Technologies launched a software-as-a-service (SaaS) based security testing solution for Amazon Web Services (AWS) environments. The service, dubbed Core CloudInspect™ is an automated security testing solution that delivers on-demand intelligence and helps identify exploitable vulnerabilities in systems and web applications while verifying the security of AWS cloud instances.
Delivered on-demand via a SaaS model, Core CloudInspect uses methods honed for over a decade in Core Security’s CORE IMPACT Pro penetration testing software. The service is backed by Core’s vulnerability research, exploit writing, and application development resources, making it a good solution for AWS administrators and operational security professionals to both evaluate systems in development and conduct repeated testing to reassess live deployments over time.
With CloudInspect, users can initiate security tests of AWS-hosted instances and Web pages by logging into the Core CloudInspect service at www.CoreCloudInspect.com, authenticate their AWS deployment, identify instances and web pages to be assessed, and initiate the test. CloudInspect then automatically tests for exploitable weaknesses and delivers a variety of reports verifying security posture and providing actionable intelligence to help users prioritize and remediate any exposures.
“Amazon Web Services believes that security is paramount and that our clients should be able to easily and independently test the security of their AWS deployments,” said Stephen Schmidt, Chief Information Security Officer for Amazon Web Services. “We are pleased that our clients can take advantage of Core CloudInspect for an independent assessment of the security of their AWS-hosted instances and applications against threats.
“Sensitive data, company reputation and customer trust can all depend on cloud-based infrastructure as much as they do on in-house IT environments. It’s therefore critical for organizations to proactively validate the security of their cloud-based systems so they can better manage the risks associated with today’s threats,” said Mark Hatton, Core Security President & CEO.
Core CloudInspect is available immediately and priced “per target” at $20 per Web application or $20 per machine instance, though to assess the security of a Web application hosted by a machine instance, the machine instance must also be included in the test. Core Security is offering 3 free tests per month for a limited time.