penetration testing

Is your penetration testing vendor just trying to sell you products and services?

Not too long ago, while working at another company, I was subjected to a presentation by a paid speaker at our annual sales kickoff meeting. Since I was heavily focused on security consulting solutions for my client base, our leadership assumed that I would be thrilled by them including a keynote speaker who “specialized” in

PHP Type Juggling

Type juggling is expected behavior in PHP when loose comparisons are used. However, it can be used to subvert intended operations. In this blog, we will discuss why type juggling occurs, what the potential impacts are, and why we should use strict comparisons when developing applications in PHP. Equal vs Identical In PHP, there is

Defining the Secure Software Development Lifecycle (SSDLC)

Here at Abricto Security, we believe that application penetration tests only reveal the tip of the iceberg. Specifically, if we conduct an application penetration test and we find that it’s riddled with vulnerabilities, the remediation effort shouldn’t stop once those vulnerabilities are patched and the application gets shipped. Instead, we believe the mantra that “security