Once again, we are proud and excited to introduce a new release: CORE IMPACT Pro v11. This is another example of Core continuing on our strategy of providing customers with product updates on three fronts: security breadth, security depth, and features and functionality. As a matter of fact, we’re honored to have been recently added to SC Magazine’s “Innovators Hall of Fame” in recognition of this strategy.

Here's a video of me giving a quick overview of some of the major new features. For more details, read on ...

For security breadth, we’re pleased to add the ability to penetration test network devices, specifically Cisco devices, for the first time in an integrated penetration testing solution. This will allow users to find security configuration flaws and exploit them, demonstrating the risk posed by not keeping network infrastructure secure. We’ve also added testing in a new area for web applications: XSS vulnerabilities in Flash objects, helping you understand the security flaws in your Web 2.0 applications.

For security depth, there are numerous additions across the board. For web app penetration testing, the vector that is our leading priority for investment, we’ve added a ton of capabilities including crawling JavaScript-generated dynamic links; identifying and exploiting persistent XSS vulnerabilities (in addition to the reflective XSS capabilities added in v8); testing for additional server configuration vulnerabilities to enhance OWASP top 10 coverage; the ability to find new servers via their web services and add these to the network vector for coverage of the whole stack – and many others. In wireless pen testing we’ve added “evil twin,” man-in-the-middle capabilities. To IMPACT’s client-side assessment vector we’ve added data leak testing, presenting the victim forms to fill out to see what the tester can collect. We added and updated pre- and post-exploitation capabilities as well. And of course, it’s been a banner year for our developers and exploit writers, with over 280 adds and updates to IMPACT Pro exploits and other testing modules since January 1.

As far as updating functionality, customers will notice a spiffy new dashboard making key data more quickly available when they start IMPACT, new reports to go with the new wireless and networking functionality, as well as small updates and improvements throughout such as the ability to show only the modules that apply to the target instead of just highlighting them.

To see all the great new features and updates described in more depth, see the What’s New page.

As we’ve continued to update and improve the product, our customers have rewarded us with record renewal rates even in a down economy. We believe we’ve continued to earn their business by advancing our lead with v11, and we will keep up the hard work for them in 2011.

For those of you who join us at BlackHat in Vegas every year, and make it out of the conference, you may know that in craps, 11 is a winner on the come out roll, but craps if you’re trying to make your point. Most of us in technology know enough math to know gambling is stacked against you if you’re playing fair – and you only have to look around you to see how much money is being raked in by the Casinos. Well, with v11, we’d like your house to be the winner and take some of the gamble out of securing your networks. You’ll win on the come out roll with v11, and the bad guys will crap out trying to make their point.

OK, that was really lame for an “11” theme; it’s why I’m the product guy and not the marketing guy. Maybe I’ll do better with a dozen, but I know our customers will be able to do more – and do it better – with v11. Happy pen testing!