From: timisw@gmail.com
Date: Fri Sep 21 2007 - 06:05:20 EDT
http://twistpair.com/index/webapp-partners-action?id=75
Besides the normal routes with the device, the best form of "pentest" to the product would be to "social engineer" your way onto the RoIP network. A lot of times a "secure/encrypted" form of communications will be broken out and that conversatoin is available on unencrypted means. That is more in the realms of OpSec, but still pertinent for what your looking into. The users on a secure end forgets that the end to end security is missing since he is talking thru a RoIP gateway!
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:08 EDT