
Re: [WEB SECURITY] Questions about web application penetration testing



Arian J. Evans wrote on 12/29/2009 11:48 AM: 
> The CISSP is a rote memorization knowledge-test. There is little to no
> applied knowledge in it. If you are a decent test-taker, and have
> decent memory, it should not take you long to study for and pass. It's
> not that hard. Don't worry about what you will forget. A lot of the
> rote knowledge, like where to use B&W cameras, and security and
> process control in a waterfall development method, will wind up
> largely useless to you anyway, as technology and approaches evolve. So
> replace it as quickly as possible with real-world experience.

The real-world experience will have to come before getting the CISSP certification as it requires "a minimum of five years of direct full-time security work experience" (or four years if you qualify for a waiver):

	http://www.isc2.org/cissp-professional-experience.aspx

I believe that's why it's a checkbox for HR -- they're assured that you must have done *something* for at least four years in infosec.


- Bil

