Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Penetration Testing - Human Factor
From: "StyleWar" <stylewar () cox net>
Date: Sat, 26 Aug 2006 18:44:04 -0500

lol

With respect, I think that's a greater commentary on your contracting
methods than it is on what's available. The Pen-Tests I have run include
everything from physical, to logical, to social/administrative.  The
customer has had to opt out on specific methods and attack trees as part of
the preengagement process.

-

StyleWar

"Patriotism isn't defined in a moment.  It's defined in a lifetime." 

-----Original Message-----
From: Joey Peloquin [mailto:joeyp () cotse net] 
Sent: Wednesday, August 23, 2006 7:10 AM
To: KeenerPB () mcnosc usmc mil
Cc: Pen-Testing
Subject: Re: Penetration Testing - Human Factor

KeenerPB () mcnosc usmc mil wrote:
I would disagree with Arian regarding the technical aspects 
of "true"
hacking...in my experience, social engineering plays a huge role in 
successful compromise of a network. Most of the time the boundaries 
are pretty tight so you have to lob one over the fence (social 
engineering) in order to punch out from the inside to 
defeat the boundary devices.

All due respect, I'm both an Enterprise pen-test customer and 
an internal pen-tester at the same company, and I don't see 
social engineering on the radar at all, save a mention as 
part of our security awareness program.

How many enterprises do you all contract with that *actually* 
include social engineering, and the like, in the scope?  
We've paid as much as 40K for an engagement and it didn't 
include social engineering.

-jp

--------------------------------------------------------------
----------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
--------------------------------------------------------------
----------





------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]