Penetration Testing mailing list archives
RE: Pen-Test and Social Engineering
From: "Andrew Lacey" <andrew.lacey () classicblue com au>
Date: Tue, 7 Feb 2006 08:11:14 +1100
Consider also adding a clause that vindicates the end user.. (so they don't get fired) By nature most people are willing to help and it is usually the process/procedure where it breaks down. i.e. Users don't know what information is sensitive, or they didn't follow the procedure to the letter at 4am because they couldn't get a hold of their line manager. -----Original Message----- From: Sysmin Sys73m47ic [mailto:sysmin.systematic () gmail com] Sent: Monday, 6 February 2006 9:07 AM To: pen-test () securityfocus com Subject: Re: Pen-Test and Social Engineering
In yuor opinion, can a Social Engineering test be considered part of a
Pen-Test? It just depends on the terms of engagement and the scope of the assessment. Some companies are funny about social engineering and may be strongly opposed to having it included in an assessment. Every company also has different levels of knowledge and ideas about what a pen-test consists of. Just be sure everything is on paper first before doing anything. In my opinion, social engineering is part of any good pen-test. -- Sysmin Sys73m47ic S3curi7y R3s34rch3r The Hacker Pimps! DC904 ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Re: Pen-Test and Social Engineering, (continued)
- Re: Pen-Test and Social Engineering Bob Radvanovsky (Feb 06)
- Re: Pen-Test and Social Engineering Pete Herzog (Feb 06)
- RE: Pen-Test and Social Engineering Erin Carroll (Feb 06)
- Re: Pen-Test and Social Engineering Fixer (Feb 06)
- Re: Pen-Test and Social Engineering Pete Herzog (Feb 07)
- RE: Pen-Test and Social Engineering Terry Vernon (Feb 07)
- RE: Pen-Test and Social Engineering Leif Ericksen (Feb 08)
- Re: Pen-Test and Social Engineering Pete Herzog (Feb 08)
- Re: Pen-Test and Social Engineering Volker Tanger (Feb 08)
- Re: Pen-Test and Social Engineering Leif Ericksen (Feb 09)
- Re: Pen-Test and Social Engineering Bob Radvanovsky (Feb 06)
- Re: Pen-Test and Social Engineering Neil (Feb 07)