Penetration Testing mailing list archives

Re: Pentestn ASP website with tinymce


From: Erin Carroll <amoeba () amoebazone com>
Date: Fri, 03 Sep 2010 11:02:03 -0700

 Moderator lurk mode=off

I get variations of this type of inquiry often so I let this one through so I could point everyone's attention to the charter and FAQ for the pen-test list: http://www.securityfocus.com/archive/101/description.

I have not set up a monthly automated membership email which lists the FAQ information similar to lists like infosecnews since I didn't want to unnecessarily clutter members' inboxes, but if you prefer I can do so. Please ping me directly if you have questions/concerns/input.

--
Erin Carroll
Moderator, SecurityFocus penetration-testing list
"Do Not Taunt Happy-Fun Ball"


On 9/1/2010 12:49 PM, Shawn Barry wrote:
Can anyone tell me how to opt-out of this mailing list? I enjoy reading some of these letters, but my inbox is usually flooded with emails because I signed up for too many mailing lists...

On Sep 1, 2010, at 4:03 AM, Robin Wood <robin () digininja org> wrote:

On 31 August 2010 17:30, Luana C. Rocha <luanac.rocha () gmail com> wrote:
 Hi,

The company I work for is in the process of evaluating a new website.
They are not concerned about security, but with how easy it is to update the
website content.
At this moment the developer that is winning this evaluation is proposing to
use tinymce as a content manager.
I read about tinymce and I'm really concerned about our security.
Does anyone use tinymce? Can anyone point me to a good way to pentest this
site and how to enforce its security just in case they insist on using
tinymce?


Exploit DB is a good start:

http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=tinymce&filter_author=&filter_platform=0&filter_type=0&filter_port=&filter_osvdb=&filter_cve=

And Security Focus

http://www.securityfocus.com/vulnerabilities

PS: please forgive my bad English, I'm still learning.

It's better than some of the native speakers!

Robin

LCR

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------




