Like the V10 engines that long powered F1 racecars on their quest for a worldwide championship, IMPACT Pro v10 sets new standards for performance in the realm of automated penetration testing.
As a fan of Formula 1 racing, I’ve been amazed by the incredible power and efficiency of the v10 engines that have powered the world’s most technically advanced race cars. In addition to their performance and unbelievable sound, you also have to respect the ability of F1 teams and builders to get such a sophisticated piece of technology onto the grid and running for 3 hours at top speed for each demanding competition of their grueling nine month season. And while F1 swapped back to V8s a few years ago to slow its cars the sake of driver safety and cost, I’m proud to say that looking at Core Security’s latest product, IMPACT Professional v10, I feel like we’ve accomplished a similar feat of advancing the state of the art. Many things we take for granted today in our cars, from the rear view mirror to traction control and anti-lock brakes came in part from racing programs, showing that what seems exotic and new at first quickly becomes critically important to every day operations. It’s also very rewarding for us to continue to deliver our newer, more advanced product versions on pace with the aggressive development schedule that we’ve laid out for ourselves. With this launch we’re leading the market into new areas and setting a new standard in what it means to be a commercial grade penetration testing product.
Under the Hood
For starters, we’ve added the ability to test Wireless (802.11) networks with new information gathering, attack and penetration, and reporting capabilities specific to Wi-Fi technology. We’ve also significantly expanded IMPACT Pro’s Web applications testing features to cover exploitation of more of OWASP’s Top 10 risks. We’ve added new support for Windows 7 – both as a target to test and as a platform on which IMPACT will run, and a whole lot more as well. We’re also very pleased to be delivering on our promise to begin sharing some initial results of the usage statistics collection we added in IMPACT Pro v9. We were careful to be clear about what testing data is being collected and kept anonymous, and transparent about how we send the data and conduct this opt-in program (i.e. a user had to take action to choose to provide the statistics; we did not collect them by default). As a result, nearly 20 percent of our users opted in so we already have a pretty good sample to begin helping us draw some initial conclusions. I hope more of you opt-in in the future. As an incentive, customers who participate get to see their data presented next to the broader community data right on their IMPACT dashboard in v10, and we’ll soon be talking more about what trends the data shows us.
As always, it is not just about the security content depth and breadth we’ve added, but also the product’s usability, scalability, reporting, etc., which are all important factors in building a commercial product for use by real organizations in the real world. In v10 we added a new Trend Report, as well as enhanced the Attack Path report from v9 to provide visual presentations of the involved information instead of just pages of lists of results. You’ll also see access to the scheduler and reporting offered directly from IMPACT Pro’s main screen, and many other smaller changes aimed at improving your overall usage experience. For the security geeks among us (of which I’m one), there are many, many new features and modules in this release around Client Side, the Agent, attacking of databases, services, and post-exploitation.