Core Impact Professional
February 01, 2013
Core Security TechnologiesProduct:
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Powerful penetration testing and vulnerability scanning with a lot of automation options.
- Weaknesses: None that we found.
- Verdict: Typical Core quality. We have used this product extensively and never been disappointed. Best Buy.
The folks at Core Security are at it again. We found this version of the product to contain more automation, more wizards and more options than previous versions we have tested. For those that are unfamiliar with this tool, Core Impact is quickly becoming the standard in penetration testing and vulnerability scanning. This product features many types of penetration tests, including network-based and remote host-based, as well as many other tools, including Wi-Fi network and web-based penetration tests.
When we first saw this tool a few years ago, it was small and simple to install. Installation took just a few minutes and was run from an executable installer. As the solution has grown over the years, it has gained a lot of functionality, but it is still just as simple to install and use. The installation package, as well as the decryption key needed to open it, were delivered as a download via our email. Once we downloaded the installer and decrypted it using the decryption key, we were taken through a short installation wizard to configure some basic settings for installation - and that was it. The installer took care of implementing all the necessary components, including Microsoft SQL Server Express and the Crystal Reports engine. Once installation was complete, we launched into the application and found that the interface still has pretty much the same modular layout, but with one big difference: Right out of the box were quite a few wizard-based options for many types of penetration tests. Along with the many wizards and features, this solution has come a long way over the years in vulnerability scanning. When Impact was in its early stages, it was basically a penetration tool and not much more. That has changed significantly. This product can now run vulnerability- and risk-based assessment scans, as well as validate results from many other scanners by taking the logs and outputs of those scanners and comparing them with its results. This offers - from one application - a full overview of the entire network security posture.
Documentation included a full PDF user guide, as well as a couple of supplemental reference guides. The user guide covers the product from installation through advanced use. We found this to include many screen shots along with easy-to-follow instructions on how to use the product features. The other notable piece is the module reference guide. This features in-depth descriptions of exploit modules, as well as many integration options and operations.
Core Security offers both standard and premium support to customers with Impact. Standard support is available at no additional cost and includes 12/5 phone- and email-based technical support, along with access to a customer portal that includes resources, such as a knowledge base, user forums and user-training materials. Premium assistance offers all this, but phone- and email-based support is available 24/7/365. This aid level requires the purchase of a plan with an annual cost of $3,600.
With a price tag of $40,000 for the software, this offering may seem quite pricey. However, we find it to be an excellent value for the money based on its solid ease of use, powerful penetration and vulnerability assessment tools, and overall automation.
Sign up to our newsletters
SC Magazine Articles
- Long list of devices believed to be affected by NetUSB vulnerability
- Website observed serving 83 executable files, more than 50 percent malware
- Scammers target oil companies with sneaky attack
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- TeslaCrypt used to extort over $76K in recent months
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- FTC gives thumbs up to companies that cooperate during breach probes
- Researchers publish developer guidance for medical device security
- Senate gears up for Saturday USA Freedom Act vote; House breaks for recess
- Researchers observe SVG files being used to distribute ransomware
- Federal prosecutors charge Chinese nationals with trade secret theft