Product Watch: Core Adds Wireless To Penetration Test Tool
Impact Version 10 adds wireless support, more Web vulnerabilities
December 13, 2009
Core Security today added support for attacking wireless networks in a new version of its enterprise penetration testing tool. Core Impact Pro v10 also includes more features for testing Web applications, a beefed-up GUI, and support for Windows 7.
Alex Horan, director of product management for Core, says Impact's wireless support lets pen testers wage man-in-the-middle attacks and crack the encryption in WEP-, WPA-, and WPA2-encrypted networks. "In version 9, you could just sniff a wireless network," he says. Version 10 lets you see a wireless network and break in, he says.
Impact also now includes testing for additional Web application security flaws, including insecure direct object references, failure to restrict URL access, security misconfiguration, and insufficient transport layer protection to test for weaknesses in SSL-secured sites. "The discovery we do is based on crawling. We got a lot more capability for looking for pages directly," he says.
And Impact's exploits now inject payloads into PDFs and executables for phishing and spear-phishing attacks. "That's the most exciting part of this release for me," Horan says.
Version 10 also tests for leakage of certain types of data, including Social Security numbers, credit card numbers, and other sensitive data. Users who opt into Core's community data-sharing program, which lets them anonymously share data on their testing findings, now can also access data on how other organizations are using the tool and on trends in other customers' pen tests. "If you've opted in, we will display the community stats on your dashboard," he says. "You can see how your [results] compare with the community of Core Impact customers."
Impact's new features further reflect a shift in pen testing from a "black art" to more of a mainstream practice, Horan says.