|
WebApp Sec
mailing list archives
Re: Notes from CISSP class with Dr. Eric Cole
From: Saqib Ali <docbook.xml () gmail com>
Date: Wed, 12 Oct 2005 08:34:40 -0700
The second case involved a pentest where a CISSP had conducted a project
for a web portal. The CISSP told the customer the portal was secure,
but the customer had concerns about the quality of the work perform.
Again I was called in to check the other CISSP's work and I was able to
gain root access in 6 hours. That customer now checks the background
and even tests CISSP before they are allowed to do any work.
It is not the job of a CISSP to tell if a application is secure (hack
proof) or not. It is like asking a District Attorney to perform Police
Detective work. It doesn't work like that. You need a different
skillset to perform detective work.
--
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Consensus is good, but informed dictatorship is better.
 By Date 
By Thread
Current thread:
- Re: Re: Notes from CISSP class with Dr. Eric Cole, (continued)
Re: RE: RE: Notes from CISSP class with Dr. Eric Cole f_kenisky (Oct 12)
| 
Intro
