WebApp Sec mailing list archives
Re: Notes from CISSP class with Dr. Eric Cole
From: Saqib Ali <docbook.xml () gmail com>
Date: Wed, 12 Oct 2005 08:34:40 -0700
The second case involved a pentest where a CISSP had conducted a project for a web portal. The CISSP told the customer the portal was secure, but the customer had concerns about the quality of the work performed. Again I was called in to check the other CISSP's work and I was able to gain root access in 6 hours. That customer now checks the background and even tests CISSPs before they are allowed to do any work.
It is not the job of a CISSP to tell if an application is secure (hack proof) or not. It is like asking a District Attorney to perform Police Detective work. It doesn't work like that. You need a different skillset to perform detective work.

--
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Consensus is good, but informed dictatorship is better.