From: Andrew Lacey (andrew.lacey@classicblue.com.au)
Date: Mon Feb 06 2006 - 16:11:14 EST
Consider also adding a clause that vindicates the end user.. (so they
don't get fired)
By nature most people are willing to help and it is usually the
process/procedure where it breaks down.
i.e. Users don't know what information is sensitive, or they didn't
follow the procedure to the letter at 4am because they couldn't get a
hold of their line manager.
-----Original Message-----
From: Sysmin Sys73m47ic [mailto:sysmin.systematic@gmail.com]
Sent: Monday, 6 February 2006 9:07 AM
To: pen-test@securityfocus.com
Subject: Re: Pen-Test and Social Engineering
> In yuor opinion, can a Social Engineering test be considered part of a
Pen-Test?
It just depends on the terms of engagement and the scope of the
assessment. Some companies are funny about social engineering and may be
strongly opposed to having it included in an assessment. Every company
also has different levels of knowledge and ideas about what a pen-test
consists of. Just be sure everything is on paper first before doing
anything.
In my opinion, social engineering is part of any good pen-test.
-- Sysmin Sys73m47ic S3curi7y R3s34rch3r The Hacker Pimps! DC904 ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:27 EDT