Penetration Testing mailing list archives
Re: NetSec Breaking Apps Better Than AppSec
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Fri, 8 Jul 2011 11:58:48 -0700
http://www.novainfosecportal.com/2011/07/07/netsec-breaking-apps-better-than-appsec/
Um, really? The all-too-common expertise extremes are both very undesirable, and I don't see any value in arguing over which one is better than the other. The archetypal "net" security guy who doesn't understand SOP or the consequences of <script>-related mixed content when auditing a web app is about as harmful as a "web app" security guy who can't tell an integer overflow from a format string bug - that is, unless they correctly recognize and acknowledge their limitations, which is almost never the case.

/mz