WebApp Sec mailing list archives
Re: Notes from CISSP class with Dr. Eric Cole
From: intel96 <intel96 () bellsouth net>
Date: Wed, 12 Oct 2005 12:19:21 -0400
That was my point! Being a CISSP does not mean that you have the technical knowledge to deploy IDS, IPS, firewalls, conducted pentest, etc. It does mean that you have an understanding of the 10 domains that the exam covers.
Saqib Ali wrote:
The second case involved a pentest where a CISSP had conducted a project for a web portal. The CISSP told the customer the portal was secure, but the customer had concerns about the quality of the work perform. Again I was called in to check the other CISSP's work and I was able to gain root access in 6 hours. That customer now checks the background and even tests CISSP before they are allowed to do any work.It is not the job of a CISSP to tell if a application is secure (hack proof) or not. It is like asking a District Attorney to perform Police Detective work. It doesn't work like that. You need a different skillset to perform detective work. -- In Peace, Saqib Ali http://www.xml-dev.com/blog/ Consensus is good, but informed dictatorship is better.
Current thread:
- RE: Notes from CISSP class with Dr. Eric Cole, (continued)
- RE: Notes from CISSP class with Dr. Eric Cole Michael Krzeszkowski (Oct 11)
- Re: Notes from CISSP class with Dr. Eric Cole danew123 (Oct 11)
- Re: Notes from CISSP class with Dr. Eric Cole Eoin Keary (Oct 11)
- Re: Notes from CISSP class with Dr. Eric Cole dreamwvr (Oct 11)
- Re: Re: Notes from CISSP class with Dr. Eric Cole f_kenisky (Oct 11)
- Re: RE: Notes from CISSP class with Dr. Eric Cole f_kenisky (Oct 11)
- RE: RE: Notes from CISSP class with Dr. Eric Cole Craig Wright (Oct 12)
- RE: Notes from CISSP class with Dr. Eric Cole PPowenski (Oct 12)
- Re: Notes from CISSP class with Dr. Eric Cole intel96 (Oct 12)
- Re: Notes from CISSP class with Dr. Eric Cole Saqib Ali (Oct 12)
- Re: Notes from CISSP class with Dr. Eric Cole intel96 (Oct 12)
- Re: Notes from CISSP class with Dr. Eric Cole kgp (Oct 12)
- RE: Notes from CISSP class with Dr. Eric Cole Mark Roxberry (Oct 12)
- Re: Notes from CISSP class with Dr. Eric Cole intel96 (Oct 12)
- Re: Notes from CISSP class with Dr. Eric Cole Saqib Ali (Nov 02)