Firing on All Cylinders: Meet CORE IMPACT Pro v10

December 14, 2009

As a fan of Formula 1 racing, I’ve been amazed by the incredible power and efficiency of the v10 engines that have powered the world’s most technically advanced race cars.

Masters of Automotive Illustration SeriesIn addition to their performance and unbelievable sound, you also have to respect the ability of F1 teams and builders to get such a sophisticated piece of technology onto the grid and running for 3 hours at top speed for each demanding competition of their grueling nine month season.

And while F1 swapped back to V8s a few years ago to slow its cars the sake of driver safety and cost, I’m proud to say that looking at Core Security’s latest product, IMPACT Professional v10, I feel like we’ve accomplished a similar feat of advancing the state of the art. Many things we take for granted today in our cars, from the rear view mirror to traction control and anti-lock brakes came in part from racing programs,
showing that what seems exotic and new at first quickly
becomes critically important to every day operations.

It’s also very rewarding for us to continue to deliver our newer, more advanced product versions on pace with the aggressive development schedule that we’ve laid out for ourselves. With this launch we’re leading the market into new areas and setting a new standard in what it means to be a commercial grade penetration testing product.

Under the Hood

For starters, we’ve added the ability to test Wireless (802.11) networks with new information gathering, attack and penetration, and reporting capabilities specific to Wi-Fi technology. We’ve also significantly expanded IMPACT Pro’s Web applications testing features to cover exploitation of more of OWASP’s Top 10 risks. We’ve added new support for Windows 7 – both as a target to test and as a platform on which IMPACT will run, and a whole lot more as well.

We’re also very pleased to be delivering on our promise to begin sharing some initial results of the usage statistics collection we added in IMPACT Pro v9. We were careful to be clear about what testing data is being collected and kept anonymous, and transparent about how we send the data and conduct this opt-in program (i.e. a user had to take action to choose to provide the statistics; we did not collect them by default).

As a result, nearly 20 percent of our users opted in so we already have a pretty good sample to begin helping us draw some initial conclusions. I hope more of you opt-in in the future. As an incentive, customers who participate get to see their data presented next to the broader community data right on their IMPACT dashboard in v10, and we’ll soon be talking more about what trends the data shows us.

As always, it is not just about the security content depth and breadth we’ve added, but also the product’s usability, scalability, reporting, etc., which are all important  factors in building  a commercial product for use by real organizations in the real world.

In v10 we added a new Trend Report, as well as enhanced the Attack Path report from v9 to provide visual presentations of the involved information instead of just pages of lists of results. You’ll also see access to the scheduler and reporting offered directly from IMPACT Pro’s main screen, and many other smaller changes aimed at improving your overall usage experience.

For the security geeks among us (of which I’m one), there are many, many new features and modules in this release around Client Side, the Agent, attacking of databases, services, and post-exploitation.

You can see a summary of everything that’s new here:

We’ve also put together a number of v10 preview webcasts for our customers. If you’re a customer, please log into the portal at to view a recording of these webcasts which include a summary and a demo of the new features. Also, recorded training for v10 will be made available to you in the same place later on this week.

I can’t wait to hear your feedback about this new release because I believe you’ll really like it. The teams in engineering, QA, exploit writing and research produced some added horsepower… enjoy!

-Fred Pinkett, VP of Product Management


  • Penetration testing

Ready for a Demo?

Eliminate identity-related breaches with SecureAuth!