Moderator lurk mode=off

I get variations of this type of inquiry often so I let this one through
so I could point everyone's attention to the charter and FAQ for the
pen-test list: http://www.securityfocus.com/archive/101/description.

I have not set up a monthly automated membership email which lists the
FAQ information similar to lists like infosecnews since I didn't want to
unnecessarily clutter member's inboxes but if you prefer I can do so.
Please ping me directly if you have questions/concerns/input.

--
Erin Carroll
Moderator, SecurityFocus penetration-testing list
"Do Not Taunt Hapy-Fun Ball"

On 9/1/2010 12:49 PM, Shawn Barry wrote:
> Can anyone tell me how to opt-out of this mailing list? I enjoy
> reading some of these letters, but my inbox is useally flooded with
> emails because I signed up for too many mailing lists...
>
> On Sep 1, 2010, at 4:03 AM, Robin Wood <robin (at) digininja (dot) org [email concealed]> wrote:
>
>> On 31 August 2010 17:30, Luana C. Rocha <luanac.rocha (at) gmail (dot) com [email concealed]> wrote:
>>> Hi,
>>>
>>> The company whose i work for is in process evaluating a new website.
>>> They are not concerned about security, but with how easy is to
>>> update the
>>> website content.
>>> At this moment the developer that is winning this evaluating is
>>> proposing to
>>> use tinymce as a content manager.
>>> I read about tinymce and I'm really concerned about our security.
>>> Does anyone uses the tinymce? Can anyone point me a good way to
>>> pentest this
>>> site and how to enforce it's security just in case they insist to use
>>> tinymce?
>>>
>>
>> Exploit DB is a good start:
>>
>> http://www.exploit-db.com/search/?action=search&filter_page=1&filter_des
cription=tinymce&filter_author=&filter_platform=0&filter_type=0&filter_p
ort=&filter_osvdb=&filter_cve=
>>
>>
>> And Security Focus
>>
>> http://www.securityfocus.com/vulnerabilities
>>
>>> PS: please forgive-me the bad english, i'm learning yet.
>>
>> Its better than some of the native speakers!
>>
>> Robin
>>
>>> LCR
>>>
>>> ------------------------------------------------------------------------

>>>
>>> This list is sponsored by: Information Assurance Certification
>>> Review Board
>>>
>>> Prove to peers and potential employers without a doubt that you can
>>> actually
>>> do a proper penetration test. IACRB CPT and CEPT certs require a full
>>> practical examination in order to become certified.
>>> http://www.iacertification.org
>>> ------------------------------------------------------------------------

>>>
>>>
>>>
>>
>> ------------------------------------------------------------------------

>> This list is sponsored by: Information Assurance Certification Review
>> Board
>>
>> Prove to peers and potential employers without a doubt that you can
>> actually do a proper penetration test. IACRB CPT and CEPT certs
>> require a full practical examination in order to become certified.
>>
>> http://www.iacertification.org
>> ------------------------------------------------------------------------

>>
>
> ------------------------------------------------------------------------

> This list is sponsored by: Information Assurance Certification Review
> Board
>
> Prove to peers and potential employers without a doubt that you can
> actually do a proper penetration test. IACRB CPT and CEPT certs
> require a full practical examination in order to become certified.
> http://www.iacertification.org
> ------------------------------------------------------------------------

>

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

[ reply ]