Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

dailydave logo Dailydave mailing list archives

Re: Immunity Certified Network Offense Professional
From: "Thomas Ptacek" <tqbf () matasano com>
Date: Sun, 13 Jul 2008 21:14:58 -0500
 I would generally agree that anyone selling themselves as a pen-tester should
 be able to pass this -- but not at the exclusion of also being able to identify
 poor use of crypto, architectural failures or web application
 vulnerabilities. Maybe
 the dispute here is in understanding what the purpose of this certification is.


No, see, I'm saying something different --- I'm saying that people who
sell themselves as pen-testers DO NOT need the skills this test looks
for. Ability to FIND overflows is more valuable than the ability to
EXPLOIT them.

-- 
---
Thomas H. Ptacek // matasano security
read us on the web: http://www.matasano.com/log
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]