Hello.
How do you guys test Moodle security? Do you test the server your Moodle is on?
Do you use any pentesting tools?
The Open University regularly does penetration testing of our Moodle sites. and judging by the forum posts, other people do too.
Note that there are several common mistakes that secruity testers make when testing Moodle.
For example I bet they will tell you both: