“Penetration testing is the icing on the cake for vulnerability management, and CORE IMPACT allows you to assault your systems just as real attackers would to ensure that there’s no way to break in. It shows you how real-world attacks play out against your defences and illustrates how security controls are working, and where they’re breaking down.”


“Penetration testing gives you the most accurate and comprehensive view of your information security posture. It evaluates an entire network, exploiting vulnerabilities to determine precisely how an attacker can get control of valuable information.”

- Kevin Miller of SASKTEL

“CORE IMPACT is the only product that proves you can get into a network and verifies the fact that the IPS is doing its job properly. You can see the lock, but you have to try it to see if the doors are really secure. Until you run CORE IMPACT against an IPS, you can not be sure that you are completely secure. Unfortunately, security technologies are often deployed in a vacuum, and you need to verify that these technologies are functioning effectively and providing a proper return on investment. When it comes to network or host-based IPS, administrators and managers must run a penetration test with CORE IMPACT to be sure that they are secure.

- Chuck Jenson, Technical Course Developer, McAfee

“Penetration testing is the only way to estimate how many vulnerabilities a given network has and thus, how easy it would be to compromise that network.”

- Earl Greer & Kent Dyer, Federal Computer Week, May 15, 2006

“… A scan just doesn’t cut it. A scan only tells you what the potential vulnerabilities are, it does not tell you if they are exploitable. To test any kind of IPS, you must attempt to penetrate it to see if it is doing its job and protecting your network.”

- Chuck Jenson, Technical Course Developer, McAfee

“With attackers unleashing a constant barrage on corporate networks, endpoints and ubiquitous applications, organizations have found that proactive penetration testing conducted on a regular basis is highly effective at validating and rapidly improving their IT security posture.”

- Charles Kolodgy, Research Director, Security Products, IDC