Two methodologies for physical penetration testing using social engineering
Dimkov, Trajce and Pieters, Wolter and Hartel, Pieter (2010) Two methodologies for physical penetration testing using social engineering. In: Annual Computer Security Applications Conference, ACSAC '10, 6-10 Dec 2010, Austin, Texas, USA.
| Abstract: | Penetration tests on IT systems are sometimes coupled with physical penetration tests and social engineering. In physical penetration tests where social engineering is allowed, the penetration tester directly interacts with the employees. These interactions are usually based on deception and, if not done properly, can upset the employees, violate their privacy or damage their trust toward the organization and might lead to lawsuits and loss of productivity. We propose two methodologies for performing a physical penetration test where the goal is to gain an asset using social engineering. These methodologies aim to reduce the impact of the penetration test on the employees. The methodologies have been validated by a set of penetration tests performed over a period of two years. |
| Item Type: | Conference or Workshop Item |
| Copyright: | © 2010 ACM |
| Faculty: | Electrical Engineering, Mathematics and Computer Science (EEMCS) |
| Link to this item: | http://purl.utwente.nl/publications/74290 |