Bug Bounty Portfolio: Ethical Vulnerability Research

A curated collection of responsible vulnerability disclosures made by Sanctus Solutions. Ethical vulnerability disclosures. Real threats. Responsible action.

About the Researcher

Brennan Bosco - Director of Communications

Brennan Bosco is a cybersecurity analyst and ethical hacker with hands-on experience identifying real-world vulnerabilities—from misconfigured web servers to exposed plugins and authentication flaws. He is trained through NGT Academy and certified in both red and blue team operations.

Professional Approach

Ethical Testing

No exploitation, no shortcuts—just verified insights

Responsible Disclosure

Clear communication and public service mission

Red & Blue Team

NGT Academy certified in offensive and defensive operations

Vulnerability Disclosures

Case Study: Sensitive Log File Exposure & Outdated PHP

June 2025 • Patched • Non-intrusive verification

Vulnerability Summary

During a responsible security audit of a live WordPress installation, Sanctus Solutions identified a publicly accessible debug.log file within the /wp-content/ directory.

Critical Finding: 52GB log file with byte-range access

The server was also running PHP 7.4.33, which reached end-of-life in 2022, increasing the site's vulnerability to known exploits.

Risks Identified

  • Potential leakage of plugin info and error logs
  • Server file paths and user data exposure
  • Risk of targeted scraping or automated recon
  • Server fingerprinting through exposed headers

Recommendations Provided

  • Disable WP_DEBUG_LOG in production
  • Remove or restrict access to debug.log file
  • Upgrade PHP to supported version (8.2+)
  • Turn off expose_php directive

Technical Verification Methods

  • Command-line verification using curl
  • In-browser access testing
  • Header analysis and examination
  • Non-intrusive verification only
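
The header analysis described above can be scripted so that a site owner can re-check their own installation after applying the recommendations. The following is an added example, not code from Sanctus Solutions: it parses the output of a `curl -sI` HEAD request and reports the conditions named in this case study. The function names and the sample responses are constructed for illustration, and the 8.2 baseline is taken from the recommendation above.

```python
import re

# Minimum supported PHP branch, taken from the page's recommendation ("8.2+").
MIN_SUPPORTED_PHP = (8, 2)

def parse_head(raw):
    """Split raw `curl -sI` output into (status_code, {lowercased-name: value})."""
    lines = [ln for ln in raw.strip().splitlines() if ln.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def audit_debug_log(raw):
    """Findings for a HEAD response to /wp-content/debug.log."""
    status, h = parse_head(raw)
    if status not in (200, 206):
        return []  # 403/404 etc.: the log is not being served
    findings = ["debug.log is readable without authentication"]
    if h.get("accept-ranges", "").lower() == "bytes":
        findings.append("byte-range requests accepted")
    size = h.get("content-length", "")
    if size.isdigit():
        findings.append(f"log size {int(size) / 1e9:.1f} GB")
    return findings

def audit_php_banner(raw):
    """Findings for a HEAD response to a PHP-rendered page such as the site root."""
    _, h = parse_head(raw)
    m = re.search(r"PHP/(\d+)\.(\d+)", h.get("x-powered-by", ""))
    if not m:
        return []
    findings = ["expose_php is on (X-Powered-By leaks the PHP version)"]
    if (int(m.group(1)), int(m.group(2))) < MIN_SUPPORTED_PHP:
        findings.append(f"PHP {m.group(1)}.{m.group(2)} is below the supported 8.2 baseline")
    return findings

# Constructed sample responses (not captured from the audited site).
EXPOSED_LOG = "HTTP/1.1 200 OK\nContent-Type: text/plain\nContent-Length: 52000000000\nAccept-Ranges: bytes\n"
EXPOSED_ROOT = "HTTP/1.1 200 OK\nX-Powered-By: PHP/7.4.33\nContent-Type: text/html; charset=UTF-8\n"
HARDENED_LOG = "HTTP/1.1 403 Forbidden\nContent-Type: text/html\n"
HARDENED_ROOT = "HTTP/1.1 200 OK\nContent-Type: text/html; charset=UTF-8\n"

if __name__ == "__main__":
    for label, log, root in (("before", EXPOSED_LOG, EXPOSED_ROOT), ("after", HARDENED_LOG, HARDENED_ROOT)):
        print(label, audit_debug_log(log) + audit_php_banner(root))
```

An empty result for both functions is the expected state once debug.log is blocked and expose_php is off.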

Technical Assessment Methods

Non-Intrusive Testing

Responsible testing without exploitation or system damage

Command-Line Verification

Using curl and other tools for confirmation testing

Browser Testing

In-browser access testing for user-facing vulnerabilities

Header Analysis

Server response header examination and fingerprinting

Risk Categories Identified

Data Exposure

Sensitive log files accessible without authentication, revealing system information and user data.

Information Disclosure

Server version information exposed through headers, enabling targeted attacks.

Security Misconfiguration

Debug logging enabled in production environments, creating unnecessary security risks.

Outdated Software

End-of-life PHP versions and outdated components with known vulnerabilities.

Our Mission in Cybersecurity

Sanctus Solutions operates at the intersection of security and ethics, helping businesses take meaningful action to secure their digital infrastructure through responsible disclosure and expert guidance.

Integrity-Based

No exploitation, no shortcuts—verified insights supporting system safety

Proactive Protection

Staying ahead of evolving threats through offensive-defensive balance

Public Service

Mission-driven approach to protecting organizations and communities

Frequently Asked Questions

At Sanctus Solutions, we understand that you may have questions about our cybersecurity, web development, and IT services. Below, we've compiled comprehensive answers to help you make informed decisions about protecting and enhancing your digital presence.

We provide comprehensive cybersecurity services including security consulting and audits, WordPress security hardening, endpoint protection with ThreatDown, security awareness training with KnowBe4, vulnerability assessments, and bug bounty services throughout the Dallas-Fort Worth area.

Our WordPress security hardening service is $500 flat rate with 24-48 hour turnaround. This includes REST API lockdown, security headers implementation, login protection, vulnerability fixes, and a detailed proof of work report.

Common indicators include unauthorized links (especially to gambling sites), SSL certificate warnings showing 'Your connection isn't private', unexpected redirects to scam pages, fake virus warnings, slow loading times, and suspicious admin users. We offer free security assessments to identify these issues.

Yes, we offer WordPress Watchdog service starting at $50/month for ongoing security monitoring, including monthly malware scans, login monitoring, update checks, and alert response. We also provide comprehensive managed security services for businesses.

Common vulnerabilities include exposed REST API endpoints revealing usernames, missing security headers, enabled XML-RPC allowing bot attacks, directory browsing, default 'admin' usernames, no firewall protection, outdated plugins/themes, weak file permissions, public login pages, and leaked PHP versions.

We offer comprehensive web development from HTML landing pages ($300-$500) to custom high-performance applications ($3,500+). Our services include WordPress development, business websites, security-first design, SEO optimization, and one-year maintenance included with business sites.

Our website development starts at $2,500 and includes 3 pages (expandable at $50 per page), free one-year service and maintenance, SEO tuning, and security implementation from the ground up. We also offer social media management and hosting services.

We prioritize security from the ground up with every website we build. Unlike typical web designers, we implement security measures during development, not as an afterthought. Every site includes secure coding practices, hardened server setups, injection attack protection, and cross-site scripting prevention.

Yes, we provide Standard Hosting ($85/year) and Premium Hosting ($200/year). Both include email, SSL certificates, pro website builder, and user management capabilities. Premium hosting adds enhanced security features and priority support.

HTML landing pages take 1 week, WordPress landing pages take 2 weeks, WordPress business sites take 3-4 weeks, and custom high-performance applications take 6-12 weeks. All timelines include complete testing and training.

A fractional tech partner provides ongoing tech consulting and support without hiring full-time staff. We offer Ruby ($300), Sapphire ($600), Emerald ($1,200), and Diamond ($2,200) monthly tiers with services ranging from basic website checkups to full fractional tech leadership.

The Emerald tier ($1,200/month) includes everything from Ruby & Sapphire tiers, plus up to 6 hours implementation, team training once per month, email automation setup, and quarterly tech reviews. It's perfect for full-spectrum digital support.

We focus on digital strategy, web systems, and scalable tools rather than infrastructure management. We're not an MSP - we don't provide IT network administration, hardware support, or full infrastructure management. Our expertise is in digital growth and security.

We serve businesses nationwide with remote support, digital services, and digital strategy. For Dallas-Fort Worth businesses, we also provide on-site support in Dallas, Richardson, Plano, Frisco, Garland, and McKinney.

Yes, our higher-tier partnerships include team training sessions, documentation creation, SOPs for digital processes, and onboarding/offboarding support. We focus on making your team more self-sufficient with their digital tools.

We offer standard data backup ($100 for up to 1TB), 2TB external HDD backup ($100), 1TB external SSD backup ($150), online backup storage setup ($100 setup fee), and hard drive cloning starting at $90. All services include pickup and delivery within 15 miles of Richardson, Texas.

Hard drive cloning creates exact copies of entire drives for system backup or upgrades. Pricing: 1TB SSD cloning ($90), 1TB HDD cloning ($100), with additional TB at $70 (SSD) or $40 (HDD). Includes pickup & delivery within 15 miles of Richardson.

Yes, we help set up secure cloud accounts with your choice of provider (Google, Dropbox, etc.) for $100 setup fee. You maintain control of the account and pay storage costs directly to the provider. We handle the technical setup and initial backup.

Primary service area is Richardson, Texas with free delivery within 15 miles. Extended service up to 30 miles with $1.50/mile charge. For customers beyond 30 miles, we offer mail-in service with $15 return shipping.

Our services are popular with photographers protecting large image files, professionals needing fast file access, small businesses requiring comprehensive data protection, home users backing up personal files, remote workers needing portable storage, and creative teams handling video editing and design work.

Yes, we offer Consulting Partner and White-Label Partner programs for freelance designers, WordPress developers, small agencies, and digital consultants. Both options are protected by signed non-compete agreements - we never poach clients.

We sign legally binding non-compete agreements for all partnerships. As a Consulting Partner, you remain the sole client contact and we support you as technical consultant. As a White-Label Partner, we work under your brand and appear as part of your team.

Partners can offer comprehensive WordPress security hardening including REST API protection, security headers, user enumeration blocking, version hiding, XML-RPC disable, HTTPS enforcement, plugin protection, PHP upgrades, and firewall integration - all backed by our technical expertise.

Yes, partners can offer our WordPress Watchdog service to their clients, providing ongoing security monitoring, malware scans, login monitoring, and system updates. This creates recurring revenue opportunities while ensuring client websites stay secure.

We provide comprehensive services in Dallas, Fort Worth, Richardson, Plano, Irving, Frisco, Allen, McKinney, Garland, and surrounding communities. On-site support is available locally, while digital services (web development, cybersecurity consulting) are available nationwide.

Yes, we provide 24-48 hour security response times across the Dallas metro area. For active clients, we offer reliable emergency response for security incidents, website compromises, and critical system issues.

For compromised sites, malware removal is needed first before our preventative hardening service. We can coordinate malware removal and then implement comprehensive security measures to prevent future compromises. Our WordPress security hardening is preventative, not remedial.

Support varies by service: WordPress business sites include free one-year maintenance, WordPress security hardening includes detailed reports and optional ongoing monitoring, fractional tech partnerships include ongoing support as part of monthly services, and data backup services include training and verification.

Response times vary by service: WordPress security hardening (24-48 hours), HTML landing pages (1 week), WordPress sites (2-4 weeks), custom applications (6-12 weeks), data backup (same day for local clients), and security consultations (within 1 business day for quotes).
