Social engineering is often not given priority. For those who believe in it as a way of upskilling their security game, here are the social engineering exercises.

Social Engineering & Security Testing Thinking Exercises

10 exercises for our readers.

#SE01 → Your enemy resides in a different country and you want to spy on all his activities on his computer

More context:

// He connects to the internet to check his email

// He uses anti-virus that is a free edition

// He is attracted to piracy and porn

Write down your approach or your thoughts about gaining access to every bit of data on his computer.

#SE02 → You want to know the IP address of a target, and you need to learn it without the target's knowledge.

More context:

// Target is available on a social media platform, namely Twitter

// Target likes freebies

#SE03 → You need to get into a physical infrastructure of a multinational company. The company entrance has a security guard and if you bypass him through social engineering, you can accomplish your goal. What are your ideas to get through the security guard?

#EX01 → Your job is to help the customer with 5 good security questions and 5 bad security questions. Please list them.

#EX02 → Identify the possible threats in your company. These can be rogue developers, malicious insiders, employees who hold a grudge and so on. Also list the reasons why you think they are a threat to your company. In short, identify the threat agents or threat drivers.

#EX03 → Passive Reconnaissance → You have been assigned a task to gather information or do a passive recon for http://tuppad.com/

Gather as much information as you can and list the highlights of your exploration.

#EX04 → Develop a functional design / algorithm for the forgot password feature in a web application. Your goal is to help the customer achieve a secure-enough forgot password feature.

More context:

// application type: food delivery / ecommerce

// email address is used as a username
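As a worked illustration of what "secure enough" can look like for this exercise, here is an added example (not the original page's answer and not code from Work2Code) of a forgot-password flow for an email-as-username application. The class and constant names (`PasswordResetService`, `RESET_TOKEN_TTL`, `outbox`) and the 15-minute expiry are assumptions; the in-memory user store and the outbox that stands in for the mailer are constructed for the example.

```python
# Added example, not the original exercise's answer: a minimal "forgot password"
# service for an application where the email address is the username.
# Names (PasswordResetService, RESET_TOKEN_TTL, outbox) are illustrative.
import hashlib
import hmac
import os
import secrets
import time
from dataclasses import dataclass

RESET_TOKEN_TTL = 15 * 60        # reset links expire after 15 minutes (assumed policy)
PBKDF2_ROUNDS = 200_000          # slow hash for stored passwords

GENERIC_REPLY = "If an account exists for that address, a reset link has been sent."


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "password_hash": hash_password(password, salt), "sessions": set()}


@dataclass
class ResetRecord:
    token_hash: str      # only a hash is stored, so a database leak yields no usable links
    expires_at: float
    used: bool = False


class PasswordResetService:
    def __init__(self, users: dict, clock=time.time):
        self.users = users        # email -> user record (constructed in-memory store)
        self.resets = {}          # email -> ResetRecord
        self.outbox = []          # (email, token) pairs; stands in for the mailer
        self.clock = clock        # injectable so expiry can be tested

    @staticmethod
    def _token_hash(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def request_reset(self, email: str) -> str:
        """Step 1: user submits an email. The reply is identical whether or not
        the address is registered, so the form cannot be used to enumerate accounts."""
        email = email.strip().lower()
        if email in self.users:
            token = secrets.token_urlsafe(32)           # 256 random bits from the OS CSPRNG
            # A new request replaces any older, still-valid token for this account.
            self.resets[email] = ResetRecord(self._token_hash(token),
                                             self.clock() + RESET_TOKEN_TTL)
            self.outbox.append((email, token))          # the raw token leaves only via email
        return GENERIC_REPLY

    def complete_reset(self, email: str, token: str, new_password: str) -> bool:
        """Step 2: user follows the link and sets a new password. The token must
        match, be unexpired and unused; success invalidates all existing sessions."""
        email = email.strip().lower()
        rec = self.resets.get(email)
        if rec is None or rec.used or self.clock() > rec.expires_at:
            return False
        if not hmac.compare_digest(rec.token_hash, self._token_hash(token)):
            return False
        rec.used = True                                  # single use
        user = self.users[email]
        user["salt"] = os.urandom(16)
        user["password_hash"] = hash_password(new_password, user["salt"])
        user["sessions"].clear()                         # log out anyone holding the old password
        return True

    def verify_password(self, email: str, password: str) -> bool:
        user = self.users.get(email.strip().lower())
        if user is None:
            return False
        return hmac.compare_digest(hash_password(password, user["salt"]), user["password_hash"])
```

The points worth checking in a candidate design are the ones this example encodes: the reply to the request never reveals whether the address is registered; the token is unguessable, short-lived and single use; only a hash of the token is stored; the new password is hashed with a fresh salt; and a successful reset ends every existing session. Password-strength checks on `new_password` and a notification email to the account owner are left out here but belong in a production design.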

#EX05 → What is the best password according to you, and why?

apple@123

aaaaaa@0

RomaniaIsBeautiful

ILoveClujOnMilkyWay

19199919

0989

#EX06 → Username enumeration attack → Which of the below error messages is secure enough, and why are the others not good enough?

Invalid username / password

The username entered is incorrect. Please retry!

Username and password are both incorrect. Try again!

The password entered for username Santhosh is incorrect. (WordPress way)

Incorrect credentials

#EX07 → Your task is to stop bots from cracking the username and password on the login form, and also to stop the humans behind those bots from running a manual brute-force attack. As a security consultant, what suggestions would you give to secure the login form against brute-force attacks?
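To make #EX06 and #EX07 concrete, here is an added example (not code from the original page or from Work2Code) of a login handler that returns one generic error for every failure and throttles repeated failures per submitted username and per client IP. The class name `LoginService`, the limits (5 failures per 15 minutes) and the in-memory user store are assumptions constructed for the example.

```python
# Added example for #EX06 and #EX07, not part of the original exercises: a login
# handler that returns one generic error for every failure and throttles repeated
# failures per submitted username and per client IP. Names and limits are assumed.
import hashlib
import hmac
import os
import time
from collections import defaultdict

GENERIC_ERROR = "Invalid username / password"     # never says which half was wrong
THROTTLED = "Too many attempts. Please try again later."
MAX_FAILURES = 5          # failures allowed per key within WINDOW (assumed policy)
WINDOW = 15 * 60          # seconds
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "password_hash": hash_password(password, salt)}


class LoginService:
    def __init__(self, users: dict, clock=time.time):
        self.users = users                      # username -> record (constructed in-memory store)
        self.clock = clock                      # injectable so the window can be tested
        self.failures = defaultdict(list)       # "user:<name>" / "ip:<addr>" -> failure timestamps
        # A throwaway salt so unknown usernames cost the same PBKDF2 work as real ones;
        # otherwise response time alone would reveal which accounts exist.
        self._dummy_salt = os.urandom(16)

    def _recent_failures(self, key: str) -> int:
        now = self.clock()
        self.failures[key] = [t for t in self.failures[key] if now - t < WINDOW]
        return len(self.failures[key])

    def _record_failure(self, *keys: str) -> None:
        now = self.clock()
        for k in keys:
            self.failures[k].append(now)

    def login(self, username: str, password: str, client_ip: str) -> tuple:
        username = username.strip().lower()
        keys = ("user:" + username, "ip:" + client_ip)
        # Throttle on the *submitted* username, whether or not it exists, so the
        # throttling message itself cannot be used to enumerate accounts.
        if any(self._recent_failures(k) >= MAX_FAILURES for k in keys):
            return False, THROTTLED
        user = self.users.get(username)
        if user is None:
            hash_password(password, self._dummy_salt)   # burn equal time, then fail generically
            self._record_failure(*keys)
            return False, GENERIC_ERROR
        if not hmac.compare_digest(hash_password(password, user["salt"]), user["password_hash"]):
            self._record_failure(*keys)
            return False, GENERIC_ERROR
        self.failures.pop(keys[0], None)                 # good login clears the per-user counter
        return True, "ok"
```

Two caveats a reviewer of this design should raise. Per-IP limits are cheap to evade with proxies, so the per-username counter does most of the work, and a per-username hard lockout hands an attacker a denial-of-service lever against any account whose name they can guess; a temporary throttle or a CAPTCHA after a few failures, plus a second factor, is the usual compromise. The counters here live in process memory and would need a shared store behind more than one server.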


Work2Code

Work2Code is a brand new breed of programmers, testers and test automation experts who always think about the value they are creating for the customers.
