Physical pentesting – do pentesting companies shy from physical pentesting?

Viewing 5 reply threads
  • Author
    • #6514

      Pentesters – do pentesting companies shy from physical pentesting? How do you, pentesters, perceive this part of the job? Do you consider it the integral part of your profession, just like you do with vulnerability scanning and managment? Or is it just “something different”?

    • #40361

      If a security guard carries firearms or even a taser, I won’t do physical pentesting. It’s important, but I refuse to accept the risk.

    • #40362

      hmm I think is all depends on the scope of the work. Like anything with Pen testing if you don’t have permission you just don’t do it as it could get you into  trouble.

      I personal think that all companies should take physical security and social engineer attack serious. I have read many books when all attacks on the network have failed however by walking in the company or ringing them 9 times out of 10 they have gained access this way.

    • #40363

      Definitely agree Jamie.R, I just don’t want to be that guy. Let’s say i have permission and a signed authorization from the CEO but an overzealous security guard decides he needs to take me down. He may not wait for me to fish a piece of paper out of my pocket. No thanks.

    • #40364

      There is risk involved of course.
      However the realities are that not many companies are good at Physical Security.
      If you have these concerns I would have some additional clauses in the engagement contract to cover the event of your own personal damage.

      It doesnt stop it happening granted, but it gives you some insurance.

    • #40365

      Here are some physical Pen testers

Viewing 5 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.


Sign in with Caendra

Forgot password?Sign up

Forgot your details?