Posted by: Dan O'Connor
I find it strange that physical pen testing and digital seem to have some sort of impenetrable wall between them when I talk with people. I know when doing a pen test you have your scope of what is off limits and how far you are supposed to go. These limits can be business-based, maybe on critical systems that cannot experience downtime no matter when, or even cost-based, in that there is only so much in the cookie jar for this project.
Pen testing is great, but I think you need to be careful about what you are testing: is it the ability to make a scope to satisfy the stakeholders and prevent system downtime (don’t think that I am saying to disregard this), or the ability of the network to withstand penetration?
Also, if you are doing a pen test, why not include a physical aspect? Maybe walk in the front door as the delivery man? Maybe not do it on the first day; case out the place. Do a little research, find someone going on vacation you can use as a mark. I know it’s a little hard when you work there, but it is something to get you thinking of the non-mainline ideas you can pull.