RE: Pen-Test and Social Engineering

From: K K Mookhey (NII) (kkmookhey@niiconsulting.com)
Date: Sun Feb 05 2006 - 13:51:32 EST


A social engineering test can often be more fruitful than a network-based
pentest, and serves an extremely useful purpose. We've had instances where
an amazing amount of information has been revealed by IT staff when social
engineering has been part of the engagement. In fact, a pentest can be
expanded to not only include social engineering, but also penetration of the
physical security perimeter of the organization. Some of our juiciest data
has come after entering an organization's premises, attaching a small
wireless access point somewhere unobtrusively, exiting out, and then
connecting peacefully from the parking lot or from across the street.

Cheers,

K. K. Mookhey
Founder
NII Consulting
Web: www.niiconsulting.com
------------------------------------
Comprehensive Security Assessment Software
http://www.niiconsulting.com/products.html

Checkmate!
http://www.niiconsulting.com/checkmate/
------------------------------------


> -----Original Message-----
> From: burzella@inwind.it [mailto:burzella@inwind.it]
> Sent: Friday, February 03, 2006 7:33 PM
> To: pen-test@securityfocus.com
> Subject: Pen-Test and Social Engineering
>
> Hi
> In your opinion, can a Social Engineering test be considered
> part of a Pen-Test?
>
> Thanks

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:26 EDT