Date: Tue Dec  6 17:23:35 2005
From: infosecbofh at gmail.com (InfoSecBOFH)
Subject: IT security professionals in demand in 2006

You are confusing terms here I think.  Vulnerability Assessment = scanner tools

Pen-Test = actual skill.  At least that's how those consultants with a
clue should be selling it.  A Vuln Assessment has value, but can be
done by anyone.  A Pen-Test takes a lot more time, the value is
arguable, and only the skilled can actually do them.

On 12/4/05, sk <sk@...undzero-security.com> wrote:
> CISSP is bullshit. as eeye said 99% of the security consultants do their
> pen-tests with automated tools which is pathetic in my opinion.
> if you can't write exploits, you are no professional, more like a steam
> blower. how can someone be professional when he doesn't
> even understand how an exploit works in deep? what if there are custom
> scripts or exotic daemons installed? without being able to audit
> code and understand how certain bugs are being exploited, how can someone
> think he got enough clue to do a professional security audit?
> it's just a rip off of the customers as simple as that. or would you pay
> someone to run an automated tool against your host, sit back and wait
> till a nice pdf statistic is generated so he got something to present to
> you? of course you wouldn't. in the 90s the people still had to learn on
> their own and all the mainstream hackers who speak at your conventions didn't
> learn their knowledge from stupid class rooms.
> everyone who thinks he's a security professional or even a hacker after he
> made some certs, is just living in a dream world.
> then again the media plays well with the steam blowers so they can make a
> nice living..
> sorry i just had to say that since it's going on my nerves how all these
> people suddenly think their stupid certs make em special, but then if
> it comes to knowledge everyone is clueless...
>
> -sk
> ----- Original Message -----
> From: "Ivan ." <ivanhec@...il.com>
> To: <full-disclosure@...ts.grok.org.uk>
> Sent: Monday, December 05, 2005 3:01 AM
> Subject: [Full-disclosure] IT security professionals in demand in 2006
>
>
> > http://www.computerworld.com.au/index.php/id;923889191;fp;16;fpid;0
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
