http://blog.clearnetsec.com en-us 40 <p>One day in the not-so-distant-future, exploits will reveal their true nature to the public &#8211; that they are weapons of mass destruction.</p> <p>However, in this case &#8211; I think it means &#8216;overflow with A&#8217;s&#8217;, instead of &#8220;Rapid Penetration Testing&#8221; (c) CoreSec. I&#8217;m sure the PCI SSC will correct me, and later specify that only Core Impact used by a monkey qualifies (probably something as close to a real monkey as possible).</p> <p><em>“resources must be experienced penetration testers”</em></p> <p><em>What does that mean?</em></p> <p>Tate, my man, you should know what this means. The PCI SSC will specify the exact requirements for this once they figure out how to monetize it. In other words, they need to figure out which certification vendor to get into bed with so that they can take a cut of the money.</p> <p>Also see: ASV + Qualys, Requirement 6.6 clarification + F5/Citrix, et al</p> Mon, 05 May 2008 04:15:13 -0600 urn:uuid:b9a0fbba-3d40-4d9f-b371-352396887362 http://blog.clearnetsec.com/2008/05/04/true-penetration-testing#comment-64 <p>@Andre: lol, my bad, you’re exactly right. I was so wrapped up in the skills thing I forgot about the money thing. Doh. Feel free to deliver a sensibility roundhouse kick to my head anytime! :)</p> Mon, 05 May 2008 10:44:12 -0600 urn:uuid:88f5304c-59f7-4e0d-a15c-d25b50457efa http://blog.clearnetsec.com/2008/05/04/true-penetration-testing#comment-65 <p>Just wait! They&#8217;re going to get into bed with some Certified Ethical Hacker cert and that&#8217;ll be the criteria!</p> Tue, 06 May 2008 14:26:16 -0600 urn:uuid:056abf41-fd02-428f-b614-f30450a4505a http://blog.clearnetsec.com/2008/05/04/true-penetration-testing#comment-66