Re: Penetration Testing - Human Factor
- From: Joey Peloquin <joeyp@xxxxxxxxx>
- Date: Wed, 23 Aug 2006 07:09:48 -0500
KeenerPB@xxxxxxxxxxxxxxx wrote:
I would disagree with Arian regarding the technical aspects of "true"
hacking...in my experience, social engineering plays a huge role in
successful compromise of a network. Most of the time the boundaries are
pretty tight so you have to lob one over the fence (social engineering) in
order to punch out from the inside to defeat the boundary devices.
All due respect, I'm both an Enterprise pen-test customer and an internal
pen-tester at the same company, and I don't see social engineering on the
radar at all, save a mention as part of our security awareness program.
How many enterprises do you all contract with that *actually* include social
engineering, and the like, in the scope? We've paid as much as 40K for an
engagement and it didn't include social engineering.
-jp
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------
- Follow-Ups:
- RE: Penetration Testing - Human Factor
- From: StyleWar
- Pen-testing/auditing MS Exchange Servers.
- From: Serge Vondandamo
- RE: Penetration Testing - Human Factor
- References:
- RE: Penetration Testing - Human Factor
- From: KeenerPB
- RE: Penetration Testing - Human Factor
- Prev by Date: Re: Penetration Testing - Human Factor
- Next by Date: Re: Penetration Testing - Human Factor
- Previous by thread: RE: Penetration Testing - Human Factor
- Next by thread: Re: Penetration Testing - Human Factor
- Index(es):
Relevant Pages
|
|
