Penetration Testing: Re: Testing the user community

[Pete Herzog <lists () isecom org>]

Hi,

We have a pretty thorough bunch of tests for this in the OSSTMM 3 draft. 
You can get it at:
http://www.isecom.org/osstmm3.HUMSEC.draft.pdf

as well as recommendations for being prepared to get the most out of the 
tests.  For example, you may want someone on the inside who can monitor 
reactions on various levels.  I know when I have done this, we had an 
insider who later told us how many calls went to internal support, how many 
complaints went to the person who's name we forged on the mail, etc.
Sincerely,
-pete.


webmaster () absolutenetworks biz wrote:
> We all know our weak link but how do you identify just how weak they are? I 
> think it's time to pen test my user community and have a couple ideas to gather 
> statistics on just how nonaware they really are. Maybe a simple phishing scam 
> and bogus email with a fake virus attachment that emails me when it's opened so 
> I can track how many folks actually opened it.  Has anyone ever done this 
> before? I can't find any information about it on the web.. thoughts and ideas 
> anybody?
> Many thanks
>
> Kurt
>
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
>
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------