In social engineering tests, we rely on social psychology—particularly the classic principles of social influence described by Robert Cialdini:
- rule of reciprocity – if we receive something for free, we feel obligated to reciprocate
- rule of commitment and consistency – people want to be consistent with their previously made statements and commitments; the longer we are involved in something, the harder it is for us to withdraw from it
- rule of liking – we are more likely to trust people we like or who inspire our trust
- authority influence – the tendency to comply with people holding high positions or possessing expert knowledge
- social proof – we act the way most people do in a given situation
- scarcity principle – the harder something is to obtain, the more valuable it seems

Our activities are based on recognized international security testing standards:
- PTES (Penetration Testing Execution Standard)
- OSSTMM (Open Source Security Testing Methodology Manual)
- ISSAF (Information Systems Security Assessment Framework)
- The Social Engineering Framework (www.social-engineer.org)