WebApp Sec: Re: Notes from CISSP class with Dr. Eric Cole

Re: Notes from CISSP class with Dr. Eric Cole

From: Saqib Ali <docbook.xml_at_gmail.com>
Date: Wed, 12 Oct 2005 08:34:40 -0700

> The second case involved a pentest where a CISSP had conducted a project
> for a web portal. The CISSP told the customer the portal was secure,
> but the customer had concerns about the quality of the work performed.
> Again I was called in to check the other CISSP's work and I was able to
> gain root access in 6 hours. That customer now checks the background
> and even tests CISSP before they are allowed to do any work.

It is not the job of a CISSP to tell if an application is secure (hack
proof) or not. It is like asking a District Attorney to perform Police
Detective work. It doesn't work like that. You need a different
skillset to perform detective work.

--
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Consensus is good, but informed dictatorship is better.
Received on Oct 12 2005