280 ◾ The Security Risk Assessment Handbook
© 2011 by Taylor & Francis Group, LLC
the techniques that may be employed include password cracking, privilege
escalation, Web application hacking, social engineering, e-mail spoong, and
ad hoc testing.
SIDEBAR 7.2 Zero-Knowledge Testing: Who Is Really Being Tested?
Many organizations assume that the external threats or hackers to their systems must truly be
outsiders. As such, they expect that when hackers first begin to break into their systems, these
hackers start with no knowledge of the organization’s systems, connections, partners, and
employees.
The objective of an external penetration test is to test the adequacy of security controls in place
and their resistance to attack from an external ...