The information security environment has changed vastly over the years. Now, in spite of having security policies, compliance, and infrastructure security elements such as firewalls, IDS/IPS, proxies, and honey pots deployed inside every organization, we hear news about how hackers compromise secured facilities of the government or of private organizations because of the human element involved in each activity.
Typically, employees are not aware of the tricks and techniques used by social engineers in which they can be used as mediators to gain valuable information such as credit card details or corporate secrets. The security of the entire organization can be at stake if an employee visits a malicious website, answers a social engineer’s phone call, or clicks on the malicious link that he/she received in their personal or company e-mail ID. This book discusses the different scenario-based social engineering attacks, both manual and computerized, that might render the organization’s security ineffective.
Denver Technology’s social engineering testing service is focused on addressing an organisation’s security issues from a human vulnerability perspective. Our unique penetration testing methodology consists of a combination of vulnerability assessment methods including technical and human-interaction methodologies.
Denver Technology’s social engineering testing methodology is derived from a combination of information security guidelines and recognised penetration testing methodology standards from sources such as OSSTMM and the social-engineer.org framework. It includes:
- Foot printing and reconnaissance
- Non-Technical Testing including:
- Verbal social engineering over the telephone
- Physical social engineering (optional)
- Technical testing including:
- Email social engineering vectors
- Mobile social engineering vectors
- Web social engineering vectors
- Attempt exploitation based on previously gathered information (optional)
- Analysis, vulnerability validation and exploitation (if in scope).