Among the UI improvements in Impact 7.5 is the separation of the attack wizards and reports for human vulnerabilities from those for network holes. You can now get a report on your least savvy users independently from the missing patches on your networked devices, and you can view the two attack domains separately in the dashboard. With the new dashboard, you can easily sift through thousands of unique entry points into the network and their vulnerabilities, and drill down to the smallest client detail.

The Bottom Line Core Impact 7.5 Core Security, coresecurity.com Very Good  8.3 criteria score weight Capability 8 30% Ease-of-use 9 20% Management 8 20% Reporting 8 20% Value 9 10% Cost: Starts at $10,000 for a single host computer (unlimited users) Platforms: Runs on Windows XP or Windows Vista; provides exploits for Windows, Linux, Solaris, OpenBSD, AIX, and Mac OS X targets Bottom Line: Core Impact is a powerful tool for assessing network security, allowing experienced and inexperienced penetration testers alike to compromise network hosts quickly and easily. Version 7.5 expands the scope with Web application security checks, and it refines the valuable e-mail phishing feature for assessing the security savvy of end-users. Core's smart dashboard, friendly UI, attack configuration wizards, and focused reports make penetration testing easier than ever to conduct and interpret. About our Reviews and Scoring Methodology

Reports on testing activity, hosts, end users, and their vulnerabilities are a snap to generate, and they deliver the relevant information needed in an aesthetically pleasing form that executives will appreciate, though an interface that allowed different users to get different views according to their areas of responsibility would be a welcome improvement.

Web attack!
Also noteworthy in the 7.5 upgrade are two new Web application checking techniques. The first exposes vulnerabilities in Web apps that allow for SQL injection attacks. This tool removes all the heavy lifting involved in exploiting databases with Web front ends, and it should help open the eyes of security-obtuse Web programmers.

Although Core Impact doesn't provide fuzzing-level analysis of application security, it does a very thorough job of looking for proprietary SQL injection bugs, checking whether your database server is vulnerable to these types of attacks. Impact also provides information on other SQL databases linked to your database, identifying these potential targets.

In our testing, Impact was able to correctly fingerprint our (unsecured) ASP application and its Microsoft SQL Server back end, and it enabled us to successfully extract protected information from the database. Impact was even able to deploy an agent to our database server through SQL injection.

The second major new addition to Impact's arsenal of exploits is the checking for RFI (Remote File Inclusion) on PHP applications. If you're not familiar with this type of exploit, it occurs when an attacker passes his own custom PHP code to the Web server, along with a request to execute the code. Many PHP designers have unwittingly written code that easily allows this type of attack to work. In the test lab, Impact was able to give us a shell window after a successful RFI attack on our PHP site. We could install and run any PHP code on the server we wanted. Impact even allows you to take screen captures from the compromised host.

A couple of improvements that arrived with Version 7.0 are worth noting. First, the multiple client-side agents that facilitated different levels of attack in previous versions of Impact have been replaced by a single, do-everything agent. Still in-memory (on by default), the client agent can now use all network connections through a single listener port, providing a greater degree of flexibility to bypass firewalls and other security devices. The agent also now supports runtime plug-ins that open the door for customized, client-side actions such as patching, installing security software, and gathering forensic information.

Version 7.0 also added support for FreeBSD as a target OS, a long-overdue addition, as well as full pivoting from Vista machines -- the ability to attack additional machines from compromised Vista targets.

Core Impact's automated penetration testing is still quick and effective, and because Impact is not a network vulnerability scanner, its tests are 100 percent free of false positives, which is the primary reason we consider it an essential testing tool. Version 7.5's redesigned attack wizards, enhanced user interface, upgraded agent, and Web application attacks are significant improvents to an already compelling product that can help you improve your organization's security posture by compromising both the machines that reside on your network and the people that use those machines on a daily basis.