Penetration Testing mailing list archives
Re: Pen-Test and Social Engineering
From: Louis Lerman <lblerman () gmail com>
Date: Sun, 5 Feb 2006 16:17:53 -0500
Yes, it can be. However, that would depend on what the client wants (is it part of the RFP?). Of note, you should be careful when reporting the results of such a test back to the client. In my experience, when I would perform social engineering (as part of a pen-test) I would only report statistics (e.g. % of user's "duped") and not specific users that were "duped". Basically, the metrics that could be used to interpret the effectiveness of the client's security awareness. My .02 cents. Regards, Louis On 3 Feb 2006 14:03:18 -0000, burzella () inwind it <burzella () inwind it> wrote:
Hi In yuor opinion, can a Social Engineering test be considered part of a Pen-Test? Thanks ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Pen-Test and Social Engineering burzella (Feb 05)
- Re: Pen-Test and Social Engineering Marco Ramilli (Feb 05)
- Re: Pen-Test and Social Engineering Steven (Feb 05)
- RE: Pen-Test and Social Engineering John (Feb 05)
- Re: Pen-Test and Social Engineering Peter Wood (Feb 05)
- RE: Pen-Test and Social Engineering K K Mookhey (NII) (Feb 05)
- Re: Pen-Test and Social Engineering Petr . Kazil (Feb 05)
- Re: Pen-Test and Social Engineering Louis Lerman (Feb 05)
- Re: Pen-Test and Social Engineering Fixer (Feb 05)
- Re: Pen-Test and Social Engineering Sysmin Sys73m47ic (Feb 05)
- Re: Pen-Test and Social Engineering Serg Belokamen (Feb 05)
- RE: Pen-Test and Social Engineering Terry Vernon (Feb 05)
- Re: Pen-Test and Social Engineering Tim (Feb 06)
- Re: Pen-Test and Social Engineering Francisco Pecorella (Feb 06)
- <Possible follow-ups>
- RE: Pen-Test and Social Engineering Michael Mooney (Feb 05)
- Re: Pen-Test and Social Engineering Ratna Kumar (Feb 05)
- Re: Pen-Test and Social Engineering Dhruv Soi (Feb 06)
- RE: Pen-Test and Social Engineering Lyal Collins (Feb 07)
- Re: Pen-Test and Social Engineering Ratna Kumar (Feb 05)