Penetration Testing mailing list archives
RE: OSCP
From: christopher.riley () r-it at
Date: Wed, 17 Dec 2008 10:56:23 +0100
That's a common misconception (as I mentioned in previous messages). HR and (some) management think that a CISSP is a license to do anything security. Opinions on the CISSP vary so much, but personally I doubt the expertise of the CISSP qualified amongst us. I don't doubt that they know their stuff, but CISSP is too broad to be useful in a lot of circumstances (like penetration testing).

eduardo.dimonte () gmail com@inet wrote on 17.12.2008 10:00:14:
You are comparing two things that have nothing in common. CISSP does not teach you how to do a pentest, and being an expert in pentesting does not allow you to have the CISSP.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Gichuki John
Sent: Tuesday, 16 December 2008 21:47
To: christopher.riley () r-it at
Cc: andreg () gmail com; arivas () hyphensolutions com; listbounce () securityfocus com; pen-test () securityfocus com; pen-test-return-1078487582 () securityfocus com
Subject: Re: OSCP

I have seen this same problem so often it just eats me. I know a company that had a test done by Earnest and Young in Nairobi, and the only vulnerability that was found is the zone file transfer, and the guys are CISSP certified, so whenever we meet with my fellow group of pentesters we laugh at it, saying, "you are vulnerable to dig!" Secondly, you will see employers, like a company called Safaricom, employing CISSP, and the other day I watched one of them trying to figure out how a SQLi really works. I think CISSP is just a paper. But business is always business.