Pentesting the People; social engineering is an easy vulnerability
When it comes to penetration testing of an enterprise, you instantly think about all the cool tools and tactics used to enumerate the target and locate a possible vulnerability that could be exploited to gain entry to that enterprise’s internal network. Have you ever thought about one of the biggest possible vulnerabilities that control the front doors of your enterprise? People. Every pentesting engagement should include some sort of physical and social engineering aspect. You can have the strongest perimeter in the world, but if your physical security team or the people manning your phone systems are susceptible to a social engineering attack, you can get breached very quickly.