Blog - Abricto Security

Securing SuiteCRM on Apache
Gallery
Securing SuiteCRM on Apache

Blog

Securing SuiteCRM on Apache

By Anthony Ralston|2022-08-24T15:17:01-04:00September 2, 2020|Blog|

SuiteCRM is a popular open-source Client Relations Manager (CRM). I took some time to review the code and basic implementation of the application within a vanilla Ubuntu Debian build. I found good security practices within ...

PHP Type Juggling
Gallery
PHP Type Juggling

Blog

PHP Type Juggling

By Anthony Ralston|2022-08-24T15:17:10-04:00August 12, 2020|Blog|

Type juggling is an expected functionality of PHP when leveraging loose comparisons. However, it can be used to subvert intended operations. In this blog, we will discuss why type juggling occurs, what are the potential ...

Defining the Secure Software Development Lifecycle (SSDLC)
Gallery
Defining the Secure Software Development Lifecycle (SSDLC)

Blog

Defining the Secure Software Development Lifecycle (SSDLC)

By Cornel du Preez|2022-08-24T15:17:19-04:00June 30, 2020|Blog|

Here at Abricto Security, we believe that application penetration tests only reveal the tip of the iceberg. Specifically, if we conduct an application penetration test and we find that it’s riddled with vulnerabilities, the remediation ...

Our Response to COVID-19
Gallery
Our Response to COVID-19

Blog

Our Response to COVID-19

By Cornel du Preez|2022-08-24T15:17:30-04:00April 13, 2020|Blog|

Abricto Security understands that all industries feel the impact of COVID-19 and we’re here to help. Our team is shifting our operating procedures to accommodate fully remote consultations and assessments. Here is how we plan ...

SQLmap Cheatsheet and Examples
Gallery
SQLmap Cheatsheet and Examples

Blog

SQLmap Cheatsheet and Examples

By Cornel du Preez|2022-08-24T15:17:37-04:00April 2, 2020|Blog|

Target the http://target.server.com URL using the "-u" flag: sqlmap -u 'http://target.server.com' Specify POST requests by specifying the "--data" flag: sqlmap -u 'http://target.server.com' --data='param1=blah&param2=blah' Target a vulnerable parameter in an authenticated session by specifying cookies using the "--cookie" ...

Extracting Private Keys From Public Keys Generated With Weak Random Number Generators
Gallery
Extracting Private Keys From Public Keys Generated With Weak Random Number Generators

Blog

Extracting Private Keys From Public Keys Generated With Weak Random Number Generators

By Cornel du Preez|2022-08-24T15:17:46-04:00March 19, 2020|Blog|

Public key encryption is heavily utilized in modern implementations of SSH. By leveraging public key cryptography, administrators can generate both a public key and a private key to encrypt and decrypt data in transit. Using ...

Password List Generation Using CUPP
Gallery
Password List Generation Using CUPP

Blog

Password List Generation Using CUPP

By Cornel du Preez|2024-07-01T16:22:41-04:00February 7, 2020|Blog|

In many of our network and web application penetration tests, we come across login portals that aren't protected by anti-automation controls. Essentially, this allows us to launch unrestricted dictionary attacks on previously identified usernames. When ...

LATEST POSTS