HOT PICK - A Monthly Spotlight on a Standout Security Product
Professional penetration testers have a wide array of tools--commercial, open source and proprietary--for probing and evaluating network defenses. Effective as these tools are at finding soft spots, they lack consolidated reporting functions and interoperability with other pen-testing tools.
Enter Core IMPACT, an automated risk assessment software solution that consolidates the power of the disparate pen-testing tools and the reporting functions of auditing apps in an easy-to-use Windows-based GUI solution. Developed by Core Security Technologies, an Argentinean security firm that migrated to the U.S., IMPACT is intended to make pen testing easier, faster and more efficient.
Through simple drag-and-drop movements, an infosec assessor can easily test and evaluate network defenses. Instead of having to go through the manual process of using port scanner like Nmap to find vulnerable services, then pulling out Whisker to find known vulnerabilities, IMPACT runs through the gamut of available tools and exploits to find and expose holes.
IMPACT comes with an extensive and updatable library of known attacks and vulnerabilities. Through its APIs, users can customize existing attacks and create tests based on new threats and vulnerabilities. Through its scripting engine, users can define test methodologies, ensuring tests of different hosts are conducted the same way for comparison purposes.
Complete Article >> http://www.infosecuritymag.com/2002/may/hotpick.shtml