Social Engineering Methodology

Overview

Social engineering exploits human trust, authority, and urgency to gain unauthorized access to systems, information, or physical spaces. In authorized penetration testing, social engineering (SE) assessments measure an organization's human-layer defenses: security awareness training effectiveness, policy adherence, and incident reporting culture.

SE testing requires explicit written authorization separate from technical testing scope. Techniques target people, not systems, and carry unique ethical and legal obligations.

Topics in This Section