Core Security TechnologiesProduct:
One of our favourite tools is back this year and better than ever. Core Impact Pro 8 is the ultimate tool in vulnerability assessment and penetration testing. It provides a comprehensive suite of features in one place. It can be used to scan and exploit systems using multiple modules for information gathering, exploitation, local information gathering, privilege escalation, pivoting, clean up and reporting. It also deploys agents that run in the target's memory if a target can be exploited. These agents can be used to access system information.
Core Impact Pro 8 is still a simple install; however, because of added functionality, it has taken on a few new dependencies. The installations of the past only required that WinPcap needed to be installed. Now prerequisites include installation of the .Net Framework and SQL Server. With prerequisites installed, the installation is simple and takes a few minutes, guided by a wizard.
Once the install is complete, scanning and configuration are done from the application's console. This has also been renewed. The look of the interface is cleaner and more organised. There is also a lot more automation, including a specialised vulnerability scanning test. However, the old feature of the wizard-based, step-by-step scan is still there. This lets users discover and scan the network quickly and try to penetrate targets in a few easy steps.
Documentation includes a PDF user guide that covers the product from installation through using features and advanced configuration. It is well organised, with many screenshots, examples and step-by-step instructions.
Core Security provides technical support via phone and email. Customers also have access to an online support portal consisting of FAQs, forums, a knowledgebase, training videos, case management and other resources.
At an annual cost of approximately £21,350, this product may seem expensive, but we find it to be excellent value for the money. Core Impact provides highly specialised and sophisticated end-to-end vulnerability and penetration testing across the enterprise.