Penetration Testing mailing list archives
Re: WebServices Testing
From: "Jamie Riden" <jamesr () europe com>
Date: Sat, 7 Oct 2006 10:19:18 +1300
[NB: I'm not explicitly not commenting on dallas' skill, since I have no way to gauge it] On 06/10/06, mailing lists <bofn () irq org> wrote:
and instead of getting someone who does know how to, you prefer to fumble a bit. doesnt seem to take much to get those 'GCIH, CISSP' certificates.
CISSP is a broad qualification rather than a particularly deep one and I certainly wouldn't hire someone to do pen-test on the basis of that alone.
sorry about the flame.. But,,, this is why the infosec bizz has become cowboy territory rather then a serious profession. and it ticks me off a bit, knowing that those who have put in the effort of learning how it all really functions inside, are getting a bad name from the "just sell it first, and then figure out later how to do it" types. the times that we have looked at companies after they where certified secure, by cowboy companies, and found endless amounts of flaws and serious holes, seems unreal, but is fact.
Like this ? http://blog.wired.com/27BStroke6/index.blog?entry_id=1563286 'Report: TrustE Sites Twice As Likely to Be Bad Actors' The trust you place in the certification is only as great as your trust in the certifying authority, which as we see above can take on negative values :( cheers, Jamie -- Jamie Riden, CISSP / jamesr () europe com / jamie.riden () gmail com NZ Honeynet project - http://www.nz-honeynet.org/ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- WebServices Testing dallas jordan (Oct 05)
- Re: WebServices Testing mailing lists (Oct 05)
- RE: WebServices Testing Paul Melson (Oct 06)
- Re: WebServices Testing Jamie Riden (Oct 06)
- Re: WebServices Testing Joseph McCray (Oct 06)
- <Possible follow-ups>
- Re: WebServices Testing revnic (Oct 06)
- Re: WebServices Testing mailing lists (Oct 08)
- Re: WebServices Testing mailing lists (Oct 08)
- RE: WebServices Testing Paul Melson (Oct 09)
- Re: WebServices Testing mailing lists (Oct 05)