A question that often arises when planning vulnerability analysis is whether "social engineering" techniques should be used. My consistent answer is no - not unless you are prepared to do an awful lot of work before trying it. Vulnerability analysis is . . .
A question that often arises when planning vulnerability analysis is whether "social engineering" techniques should be used. My consistent answer is no - not unless you are prepared to do an awful lot of work before trying it. Vulnerability analysis is a useful approach to measuring the success of information security policies. It's especially useful when there are known vulnerabilities introduced into a system and the percentage of identification of those known vulnerabilities is used to measure the quality of the penetration testing.

Penetration testing is one tool that can support vulnerability analysis. By itself, however, penetration testing - that is, simply looking for a way to penetrate a security perimeter - is an inadequate measure of security.

The link for this article located at Help Net Security is no longer available.