Impact Version 10 adds wireless support, more Web vulnerabilities
December 13, 2009
Core Security today added support for attacking wireless networks in a new version of its enterprise penetration testing tool. Core Impact Pro v10 also includes more features for testing Web applications, a beefed-up GUI, and support for Windows 7.
Alex Horan, director of product management for Core, says Impact's wireless support lets pen testers wage man-in-the-middle attacks and crack the encryption in WEP, WPA, and WPA2-encrypted networks. "In version 9, you could just sniff a wireless network," he says. Version 10 lets you see a wireless network and break in, he says.
Impact also now includes testing for additional Web application security flaws, including insecure direct object references, failure to restrict URL access, security misconfiguration, and insufficient transport layer protection to test for weaknesses in SSL-secured sites. "The discovery we do is based on crawling. We got a lot more capability for looking for pages directly," he says.
And Impact's exploits now inject payloads into PDFs and executables for phishing and spear-phishing attacks. "That's the most exciting part of this release for me," Horan says.
Version 10 also tests for leakage of certain types of data, including Social Security numbers, credit card numbers, and other sensitive data. Users who opt into Core's community data-sharing program, which lets them anonymously share data on their testing findings, can now also access data on how other organizations are using the tool and on trends in other customers' pen tests. "If you've opted in, we will display the community stats on your dashboard," he says. "You can see how your [results] compare with the community of Core Impact customers."
Impact's new features further reflect a shift in pen testing from a "black art" to more of a mainstream practice, Horan says.