Web Application Security Testing
authentication bypass vulnerability

CakePHP Application Cybersecurity Research – Forgotten Endpoint: Authentication bypass with /open prefix

Web applications are often the first target for attackers due to the vast amount of sensitive information they contain. Ensuring the security of these applications is crucial to protect both users and businesses from potential cyber threats. One of the most effective ways to identify vulnerabilities in web applications is through web application penetration testing. […]

Web Application Security Testing
xss protection

CakePHP Application Cybersecurity Research – Protect Your Website from Stored XSS Attacks: Understanding and Preventing Vulnerabilities in Open-source Applications

Stored Cross-Site Scripting (XSS) vulnerabilities are relatively common and dangerous, and can compromise your web application’s security. In this article, we will discuss what stored XSS attacks are, their impact on website security, and stored XSS protection in web applications, with examples of stored XSS vulnerabilities we found in MISP. In this article you will […]

Web Application Security Testing
white box testing example

CakePHP Application Cybersecurity Research – Exploring the PHAR Deserialization PHP Vulnerability: A White Box Testing Example

In this article, we are going to explore the PHAR deserialization PHP vulnerability that Dawid found during white box testing. Before we continue, let’s talk a little about PHAR and then about what the PHAR deserialization PHP vulnerability is. In this article you will find: What is PHAR? PHP Archive (in […]

Web Application Security Testing
web application security

CakePHP Application Cybersecurity Research – The Impact of a PHP Vulnerability: Exploring the Password Confirmation Bypass in MISP

As someone who tests web application security cautiously, Dawid discovered a vulnerability in MISP, a popular open-source platform for sharing and analyzing threat information. This vulnerability allows an attacker to bypass password confirmation and change sensitive information without proper authorization. In this article, I’ll explain the technical details of this PHP vulnerability […]

Web Application Security Testing
web application scanner

CakePHP Application Cybersecurity Research – Attack surface in CakePHP web application penetration testing

Improve your web application scanner by understanding the attack surface. Understanding the attack surface of the web application is a very important step when conducting cybersecurity research or penetration testing. Even if you are running a web application scanner as part of DAST activities, knowing the attack surface will help you cover more functionality of […]