As always, we’re very proud to release another installment of our flagship CORE IMPACT Pro software. The new version, v9, represents another important milestone for Core in a number of ways.
Over the last several years, and even just the last few months, penetration testing has continued to gain wider recognition as a fundamental element of IT security and risk management programs. This is best evidenced by increasing use of the practice by private and government organizations as a standard practice, as well as if the form of regulatory bodies writing it into their requirements, including NIST, the organizations behind the Consensus Audit Guidelines and the PCI Standards Council.
What people seem to be realizing more than ever is that by regularly testing their IT assets using techniques that emulate real-world attacks, they’re able to gain a far better understanding of where their biggest problems are, and have greater visibility into the risk presented by those problems.
In an environment where seemingly everyone in IT security is looking for a method of better measuring just where they stand, how they should move forward, and whether or not their efforts and investments are actually helping them make real security improvements, pen testing is being advanced as one of the best manners of gaining insight into security status in a straightforward, regimented manner.
This is especially satisfying to us here at Core both because we’ve been talking about the power of self-assessment for years, and since we’ve been focusing our ongoing product development on features aimed specifically at helping customers get better visibility into their current risks.
The work that has gone into IMPACT Pro v9 has been dedicated to this pursuit of IT security risk visibility.
Additions to the product along these lines include our new Attack Path Report, a visual illustration showing just how a particular attack proceeds, and how multiple individual weaknesses can be used together to amplify risk by allowing an attacker paths to critical resources.
IMPACT Pro v9’s new Web Application Database Analysis Tool, which features built-in database intelligence that empowers testers to uncover specific types of data exposed by web application vulnerabilities – without requiring knowledge of specific database queries – is another feature that should really help open some eyes.
Other new IMPACT Pro attributes that will help users gain a more detailed view of their most pressing security issues include:
· Report consolidation capabilities that enable aggregated review of testing results.
· New Compliance Reports that allow companies to assess their compliance status.
· Web application fingerprinting that expands testing of commercial Web applications.
· Enhanced client-side automation for single-click testing of multiple client-side exploits.
· Expanded pre and post exploitation tools that highlight risk associated with vulnerabilities.
And on top of all that we’ve also added new ability for testing to be carried out over wireless networks, which could be helpful, if say, your organization is planning to assess security posture without trying to make those efforts immediately visible to certain sets of users.
When I look at v9, I observe the results of a lot of hard work and long hours put in by the teams here at Core starting with input from research at CoreLabs, inputs of real-world experience from Core Security Consulting Services, and of course, the input of our many loyal customers. I would also like to acknowledge the highly dedicated work of our Engineering and Quality teams, and all the work that goes into marketing, servicing and launching a major new release.
I think that when you get your hands on it, you’ll see that value, time and dedication too.
-Fred Pinkett, Vice President of Product Management