Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Pentestn ASP website with tinymce
From: Robin Wood <robin () digininja org>
Date: Wed, 1 Sep 2010 10:03:48 +0100

On 31 August 2010 17:30, Luana C. Rocha <luanac.rocha () gmail com> wrote:
 Hi,

The company whose i work for is in process evaluating a new website.
They are not concerned about security, but with how easy is to update the
website content.
At this moment the developer that is winning this evaluating is proposing to
use tinymce as a content manager.
I read about tinymce and I'm really concerned about our security.
Does anyone uses the tinymce? Can anyone point me a good way to pentest this
site and how to enforce it's security  just in case they insist to use
tinymce?


Exploit DB is a good start:

http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=tinymce&filter_author=&filter_platform=0&filter_type=0&filter_port=&filter_osvdb=&filter_cve=

And Security Focus

http://www.securityfocus.com/vulnerabilities

PS: please forgive-me the bad english, i'm learning yet.

Its better than some of the native speakers!

Robin

LCR

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault