OWASP Archives - Abricto Security

Understanding IDOR Attacks: How Insecure Direct Object References Threaten Application Security
Gallery
Understanding IDOR Attacks: How Insecure Direct Object References Threaten Application Security

Blog

Understanding IDOR Attacks: How Insecure Direct Object References Threaten Application Security

By Takahiro Nakamura|2024-05-30T15:16:49-04:00May 30, 2024|Blog|

What is an IDOR attack? An insecure direct object reference (IDOR) is a type of vulnerability that occurs when a threat actor is able to gain access to unauthorized objects by manipulating identifiers within areas ...

Securing SuiteCRM on Apache
Gallery
Securing SuiteCRM on Apache

Blog

Securing SuiteCRM on Apache

By Anthony Ralston|2022-08-24T15:17:01-04:00September 2, 2020|Blog|

SuiteCRM is a popular open-source Client Relations Manager (CRM). I took some time to review the code and basic implementation of the application within a vanilla Ubuntu Debian build. I found good security practices within ...

PHP Type Juggling
Gallery
PHP Type Juggling

Blog

PHP Type Juggling

By Anthony Ralston|2022-08-24T15:17:10-04:00August 12, 2020|Blog|

Type juggling is an expected functionality of PHP when leveraging loose comparisons. However, it can be used to subvert intended operations. In this blog, we will discuss why type juggling occurs, what are the potential ...

Defining the Secure Software Development Lifecycle (SSDLC)
Gallery
Defining the Secure Software Development Lifecycle (SSDLC)

Blog

Defining the Secure Software Development Lifecycle (SSDLC)

By Cornel du Preez|2022-08-24T15:17:19-04:00June 30, 2020|Blog|

Here at Abricto Security, we believe that application penetration tests only reveal the tip of the iceberg. Specifically, if we conduct an application penetration test and we find that it’s riddled with vulnerabilities, the remediation ...