Penetration Testing mailing list archives

Re: Social Engineering Pentest

From: "Paul Melson" <pmelson () gmail com>
Date: Wed, 23 Apr 2008 07:29:21 -0400

On Tue, Apr 22, 2008 at 5:16 PM, Joseph McCray
<joe () learnsecurityonline com> wrote:

I just got contacted by a customer that wants a pentest with the primary
 focus being Social Engineering. We do a few things, but the SE portion
 of our assessments isn't all encompassing by any means.

 If you do a healthy amount of SE in your assessments give me a holla
 because I'd really be interested in talking to you about developing a
 more thorough social engineering attack framework that we can customize
 for different customer verticals.


The thing about SE - in my opinion, anyway - is that testing it in any
meaningful way requires that you have something to test against. [1]

PaulM

[1] http://archives.neohapsis.com/archives/sf/pentest/2007-02/0016.html

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Current thread:

Social Engineering Pentest Joseph McCray (Apr 22)
- Re: Social Engineering Pentest Paul Melson (Apr 23)
  - Re: Social Engineering Pentest Marco Ivaldi (Apr 24)
  - RE: Social Engineering Pentest zz_Franklin Castle (Apr 25)
- <Possible follow-ups>
- RE: Social Engineering Pentest Kaminski, Lorenz (Apr 28)