Comments on: Should Social Engineering be a part of Penetration Testing?

By: RichB

RichB — Wed, 17 May 2006 19:56:19 +0000

SE absolutely should be part of a pen test. It can serve to pinpoint organizational failures in applying and/or enforcing security policies--and lack of adequate employee security awareness training. All too often, organizations download stacks of security policies from the web and shove them in a binder... having a policy is not the same as following a policy.

By: HTNet

HTNet — Tue, 07 Mar 2006 07:33:03 +0000

Data Security for the Enterprise: The Human Factor…

When the subject of corporate data security comes up in any board meeting, chances are, the topics will straight away dive into complicated things such as firewalls and IDP systems. And when this happens, it’s obvious that the meeting participan…

By: Ubourgeek

Ubourgeek — Sun, 05 Mar 2006 10:25:34 +0000

I’ll be brief for once – the short answer is “YES – ABSOLUTELY”.

As I’ve told people I’ve presented to regarding SEng, “Once you realize that 70% of helpdesks will do anything to help, 80% of SysAdmins are lazy and 90% of users are stupid, you’ll begin to understand the impact wetware hacking can have.”.

Cheers,

By: Your Employees Don’t Care About Your Data »

Your Employees Don’t Care About Your Data » — Sat, 04 Mar 2006 04:51:28 +0000

[...] As we discussed in the article on Social Engineering in Penetration Testing, it’s not that the employees don’t care as such, it’s that they don’t know. They haven’t been educated, they are ignorant, their awareness of best practise is low. An experiment carried out within London’s square mile has revealed that employees in some of the City’s best known financial services companies don’t care about basic security policy. [...]

By: backbone

backbone — Thu, 02 Mar 2006 11:59:39 +0000

Social enginnering should be part in the penetration test… why should you try it in the hard way, if it’s posibile in the “tricky” way… this is why Kevin Mitnick is one of the best hackers that are still alive…