Um, really? The all-too-common expertise extremes are both very
undesirable, and I don't see any value in arguing over which one is
better than the other.
The archetypal "net" security guy who doesn't understand SOP or the
consequences of <script>-related mixed content when auditing a web app
is about as harmful as a "web app" security guy who can't tell an
integer overflow from a format string bug - that is, unless they
correctly recognize and acknowledge their limitations, which is almost
never the case.
/mz
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------