Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

webappsec logo WebApp Sec mailing list archives

Re: Notes from CISSP class with Dr. Eric Cole
From: intel96 <intel96 () bellsouth net>
Date: Wed, 12 Oct 2005 12:19:21 -0400
That was my point! Being a CISSP does not mean that you have the technical knowledge to deploy IDS, IPS, firewalls, conducted pentest, etc. It does mean that you have an understanding of the 10 domains that the exam covers. 


Saqib Ali wrote:


The second case involved a pentest where a CISSP had conducted a project
for a web portal.  The CISSP told the customer the portal was secure,
but the customer had concerns about the quality of the work perform.
Again I was called in to check the other CISSP's work and I was able to
gain root access in 6 hours.  That customer now checks the background
and even tests CISSP before they are allowed to do any work.


It is not the job of a CISSP to tell if a application is secure (hack
proof) or not. It is like asking a District Attorney to perform Police
Detective work. It doesn't work like that. You need a different
skillset to perform detective work.
--
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Consensus is good, but informed dictatorship is better.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]