Bryan Smith wrote: > > After all, security topics are covered in great detail in the Security > > Essentials exam, given that we see the Essentials exams as complementary, > > Security Essentials would be a better place for these topics. > > That's what's been most impressive with the current Essentials program > approach ... the 'breakout' of the various, 'essential' SMEs into > their own objectives (and exams). I think it's working very, very > well so far.
The only problem here is that security in particular shouldn't be left to the “security people”. Everyone should know about potential security issues in their own area of expertise. In any case there doesn't seem to be anything about the typical security issues with web-based applications in the current “Security Essentials” draft. So if we accept the “Web Development Essentials” objects as they are, we will unleash a cadre of certified “web developers” who – even if they have also taken our “Security Essentials” – have never heard about header injection, session hijacking, XSS, or CSRF. What could possibly go wrong? Anselm -- Anselm Lingnau · [email protected] · https://www.tuxcademy.org Freie Schulungsmaterialien für Linux und Open-Source-Software Free Training Materials for Linux and Open-Source Software _______________________________________________ lpi-examdev mailing list [email protected] https://list.lpi.org/mailman/listinfo/lpi-examdev
