jetlib.sec » Penetration Testing » Re: NetSec Breaking Apps Better Than AppSec

Feeds

133326 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

Penetration Testing

• July 08, 2011
• 

  Re: NetSec Breaking Apps Better Than AppSec

  Posted: July 8th, 2011, 12:16pm PDT

  Tags:   

  Posted by Michal Zalewski on Jul 08

  Um, really? The all-too-common expertise extremes are both very
  undesirable, and I don't see any value in arguing over which one is
  better than the other.
  
  The archetypal "net" security guy who doesn't understand SOP or the
  consequences of <script>-related mixed content when auditing a web app
  is about as harmful as a "web app" security guy who can't tell an
  integer overflow from a format string bug - that...