Social engineering is often not given priority. For those who want to use it to up-skill their security game, here are the social engineering exercises.

Social Engineering & Security Testing Thinking Exercises

10 exercises for our readers.

#SE01 → Your enemy resides in a different country and you want to spy on all of his activities on his computer.

More context:

// He connects to the internet to check his email

// He uses anti-virus that is a free edition

// He is attracted to piracy and porn

Write down your approach or your thoughts about gaining access to every bit of data on his computer.

#SE02 → You want to know the IP address of a target, and you need to find it without the target's knowledge.

More context:

// Target is active on social media, namely Twitter.

// Target likes freebies

#SE03 → You need to get into the physical premises of a multinational company. The entrance has a security guard, and if you get past him through social engineering you can accomplish your goal. What are your ideas for getting through the security guard?

#EX01 → Your job is to help the customer with 5 good security questions and 5 bad security questions. List them.

#EX02 → Identify the possible threats in your company. These can be notorious developers, rogue insiders, employees who hold a grudge, and so on. Also list the reasons why you think they are a threat to your company. In short, identify the threat agents or threat drivers.

#EX03 → Passive Reconnaissance → You have been assigned a task to gather information or do a passive recon for http://tuppad.com/

Gather as much information as you can and list the highlights of your exploration.

#EX04 → Develop a functional design / algorithm for a forgot-password feature in a web application. Your goal is to help the customer achieve a secure enough forgot-password feature.

More context:

// application type: food delivery / ecommerce

// email address is used as a username

#EX05 → What's the best password according to you, and why?

apple@123

aaaaaa@0

RomaniaIsBeautiful

ILoveClujOnMilkyWay

19199919

0989

#EX06 → Username enumeration attack → Which of the error messages below is secure enough, and why are the others not good enough?

Invalid username / password

The username entered is incorrect. Please retry!

Username and password are both incorrect. Try again!

The password entered for username Santhosh is incorrect. (WordPress way)

Incorrect credentials

#EX07 → Your task is to stop bots from cracking the username and password in the login form, and also to stop human-operated bots used for manual brute-force attacks. As a security consultant, what suggestions would you give to secure the login form against brute-force attacks?
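As an added example (not code from the Work2Code post), here is one way the points behind EX06 and EX07 fit together in a login handler: every failure path returns the same generic message, an unknown username costs the same hashing work as a known one, and repeated failures on an account are throttled within a time window. The user table, password, and lockout numbers are constructed for illustration and are assumptions, not values from the page.

```python
import hashlib
import hmac
import os
import time

# Constructed in-memory "user table": username -> (salt, PBKDF2 hash). Assumed, not from the page.
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT = os.urandom(16)
USERS = {"santhosh": (_SALT, _hash("correct horse battery", _SALT))}

# Dummy record so an unknown username costs the same hashing work as a known one
# (no timing difference to confirm whether an account exists)
_DUMMY_SALT = os.urandom(16)
_DUMMY = (_DUMMY_SALT, _hash(os.urandom(8).hex(), _DUMMY_SALT))

GENERIC_ERROR = "Invalid username / password"   # one message for every failure path (EX06)
MAX_FAILURES, WINDOW_SECONDS = 5, 300           # throttling policy, assumed values (EX07)
_failures: dict = {}                            # username -> list of failure timestamps

def _recent_failures(user: str, now: float) -> int:
    """Drop failures older than the window and return how many remain."""
    stamps = [t for t in _failures.get(user, []) if now - t < WINDOW_SECONDS]
    _failures[user] = stamps
    return len(stamps)

def login(username: str, password: str, now: float = None) -> tuple:
    """Return (success, message). The message never reveals which part was wrong."""
    now = time.time() if now is None else now
    key = username.lower()
    if _recent_failures(key, now) >= MAX_FAILURES:
        # Throttled: same text as a bad password, no "account locked" hint for an attacker
        return (False, GENERIC_ERROR)
    salt, stored = USERS.get(key, _DUMMY)
    # Constant-time compare of the derived hash; the membership check keeps unknown users failing
    ok = hmac.compare_digest(_hash(password, salt), stored) and key in USERS
    if not ok:
        _failures.setdefault(key, []).append(now)
        return (False, GENERIC_ERROR)
    _failures.pop(key, None)   # successful login clears the counter
    return (True, "ok")
```

In a real deployment the failure counters would live in shared storage and would also be keyed by source address, and the generic message would be paired with a CAPTCHA or a progressive delay after a few failures.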

Work2Code

Work2Code is a brand new breed of programmers, testers and test automation experts who always think about the value they are creating for the customers.
