[Dailydave] Immunity Certified Network Offense Professional

[Thomas Ptacek]

>  I would generally agree that anyone selling themselves as a pen-tester should
>  be able to pass this -- but not at the exclusion of also being able to identify
>  poor use of crypto, architectural failures or web application
>  vulnerabilities. Maybe
>  the dispute here is in understanding what the purpose of this certification is.

No, see, I'm saying something different --- I'm saying that people who
sell themselves as pen-testers DO NOT need the skills this test looks
for. Ability to FIND overflows is more valuable than the ability to
EXPLOIT them.

-- 
---
Thomas H. Ptacek // matasano security
read us on the web: http://www.matasano.com/log