Quote: |
Question: Do you see security professionals such as yourself who actively do exploit development at odds with your security professional status? Dave’s Answer: A security professional not knowing how to write exploits is akin to a chef not knowing how to actually cook. If you can't write exploits, you can't know what's actually possible with vulnerabilities, and you're just blowing hot air. |
Quote: |
Do you see security professionals such as yourself who actively do exploit development at odds with your security professional status? |
Quote: |
Assembler code is a Low-Level Language. It is so-called because the structure of the language reflects the instruction set (and architecture) of the CPU. A programmer can get very close to the physical hardware. Low-level languages allow very efficient use of the machine but are difficult to use. |
insecurepc wrote: |
My response: The question is specifically on "budding computer security enthusiast". Assembly or Assembler programming and learning its vulnerabilities is not for the "new computer security enthusiast" at all. [...assembly is difficult... etc...] |
Quote: |
My response: Dave's answer is clearly blowing off the home and small office user/owner and of no help in understanding the core question(s). [...]
I would think Dave or his sister/brother/parents are not in that single car crash. Or that anyone he may care about has that small electronic store front and hopefully they survive long enough, to not go out of business. This is all based on his clear general lack of concern over the small guy. [...] |
Quote: |
I would have to disagree. Regardless of the assembly language's learning curve being steep or not, Dave's statement that "Learning assembly is the key to really understanding vulnerabilities" is still very much true. Any security enthusiast, new or otherwise, will have to learn assembly language if they want to really understand what's going on. Simply put, the sooner you start learning it, the sooner you will get there. |
Quote: |
I'd sooner have rabies than regulation. All vendors throughout time have made outlandish claims. |
Quote: |
A security professional not knowing how to write exploits is akin to a chef not knowing how to actually cook. If you can't write exploits, you can't know what's actually possible with vulnerabilities, and you're just blowing hot air. |
bknows wrote: |
Perhaps he meant sec pro in the sense of those super technical people that the rest of us rely on. But even then, most of the guys I go to don't write exploits. Does Schneier write exploits? Greg Shipley? Even if they do, there's a lot more to security than writing exploits. |
Sgt_B wrote: |
As a pentester I don't think one has to know how to write exploits or know assembly at all. |
Quote: |
I think he meant security professional as in one who finds vulnerabilities in systems; application security testers, penetration testers etc. This seems to be the focus of the company where he works and their products. |
Quote: |
I personally feel that like in any job you will have the elite, and then the others. Dave Aitel is obviously part of the hacking elite. The large remainder of us are knowledgeable and competent. |
Quote: |
My question to those people is: if you see a big string of AAAAAAAAAAAAAAAAAAAAA's with ASCII garbage appearing in your log-files, you know what's up, right? |