OWASP

Securing SuiteCRM on Apache

SuiteCRM is a popular open-source Client Relations Manager (CRM). I took some time to review the code and basic implementation of the application within a vanilla Ubuntu Debian build. I found good security practices within the application itself; however, it seemed that the majority of configuration guides available would ultimately lead to security concerns in

PHP Type Juggling

Type juggling is an expected functionality of PHP when leveraging loose comparisons. However, it can be used to subvert intended operations. In this blog, we will discuss why type juggling occurs, what the potential impacts are, and why we should use strict comparisons when developing applications in PHP.

Equal vs Identical

In PHP, there is

Defining the Secure Software Development Lifecycle (SSDLC)

Here at Abricto Security, we believe that application penetration tests only reveal the tip of the iceberg. Specifically, if we conduct an application penetration test and find that it’s riddled with vulnerabilities, the remediation effort shouldn’t stop once those vulnerabilities are patched and the application gets shipped. Instead, we believe the mantra that “security