You are confusing terms here I think.

Vulnerability Assessment = scanner tools
Pen-Test = actual skill.

At least that's how those consultants with a clue should be selling it. A Vuln Assessment has value, but can be done by anyone. A Pen-Test takes a lot more time, the value is arguable, and only the skilled can actually do them.

On 12/4/05, sk <[EMAIL PROTECTED]> wrote:
> CISSP is bullshit. as eeye said 99% of the security consultants do their
> pen-tests with automated tools which is pathetic in my opinion.
> if you can't write exploits, you are no professional, more like a steam
> blower. how can someone be professional when he doesn't
> even understand how an exploit works in deep? what if there are custom
> scripts or exotic daemons installed? without being able to audit
> code and understand how certain bugs are being exploited, how can someone
> think he got enough clue to do a professional security audit?
> it's just a rip off of the customers as simple as that. or would you pay
> someone to run an automated tool against your host, sit back and wait
> till a nice pdf statistic is generated so he got something to present to
> you? of course you wouldn't. in the 90s the people still had to learn on
> their own and all the mainstream hackers who speak at your conventions didn't
> learn their knowledge from stupid class rooms.
> everyone who thinks he's a security professional or even a hacker after he
> made some certs, is just living in a dream world.
> then again the media plays well with the steam blowers so they can make a
> nice living..
> sorry i just had to say that since it's going on my nerves how all these
> people suddenly think their stupid certs make em special, but then if
> it comes to knowledge everyone is clueless...
>
> -sk
> ----- Original Message -----
> From: "Ivan ." <[EMAIL PROTECTED]>
> To: <[email protected]>
> Sent: Monday, December 05, 2005 3:01 AM
> Subject: [Full-disclosure] IT security professionals in demand in 2006
>
>
> > http://www.computerworld.com.au/index.php/id;923889191;fp;16;fpid;0
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
