Penetration Testing mailing list archives

RE: OSCP


From: christopher.riley () r-it at
Date: Wed, 17 Dec 2008 10:56:23 +0100

That's a common misconception (as I mentioned in previous messages). HR 
and (some) management think that a CISSP is a license to do anything 
security. Opinions on the CISSP vary so much, but personally I doubt the 
expertise of the CISSP qualified amongst us. I don't doubt that they know 
their stuff, but CISSP is too broad to be useful in a lot of circumstances 
(like penetration testing).

eduardo.dimonte () gmail com@inet wrote on 17.12.2008 10:00:14:

You are comparing two things that have nothing in common. CISSP does not
teach you how to do a pentest, and being an expert in pentesting does not
allow you to have the CISSP.



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Gichuki John
Sent: Tuesday, 16 December 2008 21:47
To: christopher.riley () r-it at
Cc: andreg () gmail com; arivas () hyphensolutions com;
listbounce () securityfocus com; pen-test () securityfocus com;
pen-test-return-1078487582 () securityfocus com
Subject: Re: OSCP

I have seen this same problem so often it just eats me. I know a company 
that had a test done by Ernst and Young in Nairobi, and the only 
vulnerability that was found is the zone file transfer, and the guys are 
CISSP certified, so whenever we meet with my fellow group of pentesters 
we laugh at it, saying, "you are vulnerable to dig!" Secondly you will see 
employers, like a company called Safaricom employing CISSP, and the 
other day I watched one of them trying to figure out how a SQLi really 
works.

I think CISSP is just a paper. But business is always business.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


