Impact Version 10 adds wireless support, tests for more Web vulnerabilities

Core Security today added support for attacking wireless networks in a new version of its enterprise penetration testing tool. Core Impact Pro v10 also includes more features for testing Web applications, a beefed-up GUI, and support for Windows 7.

Alex Horan, director of product management for Core, says Impact's wireless support lets pen testers wage man-in-the-middle attacks and crack the encryption in WEP-, WPA-, and WPA2-encrypted networks. "In version 9, you could just sniff a wireless network," he says. Version 10 lets you see a wireless network and break in, he says.

Impact also now includes testing for additional Web application security flaws, including insecure direct object references, failure to restrict URL access, security misconfiguration, and insufficient transport layer protection to test for weaknesses in SSL-secured sites. "The discovery we do is based on crawling. We got a lot more capability for looking for pages directly," he says.

And Impact's exploits now inject payloads into PDFs and executables for phishing and spear-phishing attacks. "That's the most exciting part of this release for me," Horan says.

Version 10 also tests for leakage of certain types of data, including Social Security numbers, credit card numbers, and other sensitive data. Users who opt into Core's community data-sharing program, which lets them anonymously share data on their testing findings, can now also access data on how other organizations are using the tool and on trends in other customers' pen tests. "If you've opted in, we will display the community stats on your dashboard," he says. "You can see how your [results] compare with the community of Core Impact customers."

Impact's new features further reflect a shift in pen testing from a "black art" to more of a mainstream practice, Horan says.


About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.
