Many organizations leverage AWS as their cloud computing platform. Allowing access to and from their AWS resources is critical for workloads to operate uninterrupted. This means that an AWS VPC is often seen as a logical extension of the corporate
Our team researches and documents bleeding-edge security concepts and hacking techniques. This blog explores these topics and more to keep you informed.
Introduction to Hardware Hacking: Part 2
By Anthony Ralston | December 02, 2020 | Blog
In the last blog, we discussed the components that are used in hardware hacking, the discovery phase and how to pull information off a device leveraging a UART port and the Das U-Boot boot loader. However, in some cases we aren’t able to
Introduction to Hardware Hacking: Part 1
By Anthony Ralston | November 13, 2020 | Blog
There are many devices out there that store information in different ways and unfortunately, not all of them take security into account. With the advent of the Internet of Things (IoT), device manufacturers are publishing devices faster than ever,
Shifting Security Left: A Practical Guide
By Cornel du Preez | November 05, 2020 | Blog
Application security practitioners often preach about the importance of shifting security left in the software development life-cycle (SDLC). The reason this catch-phrase so-easily resonates with leadership is simple: if it’s possible to identify
Is your penetration testing vendor just trying to sell you products and services?
By Brent Brackin | September 17, 2020 | Blog
Not too long ago, while working at another company, I was subjected to a presentation by a paid speaker at our annual sales kickoff meeting. Since I was heavily focused on security consulting solutions for my client base, our leadership assumed
By Anthony Ralston | September 02, 2020 | Blog
SuiteCRM is a popular open-source Client Relations Manager (CRM). I took some time to review the code and basic implementation of the application within a vanilla Ubuntu Debian build. I found good security practices within the application itself,
By Anthony Ralston | August 12, 2020 | Blog
Type juggling is an expected functionality of PHP when leveraging loose comparisons. However, it can be used to subvert intended operations. In this blog we will discuss why type juggling occurs, what are the potential impacts, and why we should
Defining the Secure Software Development Lifecycle (SSDLC)
By Cornel du Preez | June 30, 2020 | Blog
Here at Abricto Security, we believe that application penetration tests only reveal the tip of the iceberg. Specifically, if we conduct an application penetration test and we find that it’s riddled with vulnerabilities, the remediation effort
By Cornel du Preez | April 13, 2020 | Blog
Abricto Security understands that all industries feel the impact of COVID-19 and we’re here to help. Our team is shifting our operating procedures to accommodate fully remote consultations and assessments. Here is how we plan to do so: We will
