Bug Bounty Portfolio: Ethical Vulnerability Research

A curated collection of responsible vulnerability disclosures made by Sanctus Solutions. Ethical vulnerability disclosures. Real threats. Responsible action.

About the Researcher

Brennan Bosco - Director of Communications

Brennan Bosco is a cybersecurity analyst and ethical hacker with hands-on experience identifying real-world vulnerabilities—from misconfigured web servers to exposed plugins and authentication flaws. He is trained through NGT Academy and certified in both red and blue team operations.

Professional Approach

Ethical Testing

No exploitation, no shortcuts—just verified insights

Responsible Disclosure

Clear communication and public service mission

Red & Blue Team

NGT Academy certified in offensive and defensive operations

Vulnerability Disclosures

Case Study: Sensitive Log File Exposure & Outdated PHP

June 2025 | Status: Patched | Method: Non-intrusive verification

Vulnerability Summary

During a responsible security audit of a live WordPress installation, Sanctus Solutions identified a publicly accessible debug.log file within the /wp-content/ directory.

Critical finding: the debug.log file was 52 GB in size and the server honoured HTTP Range requests, so any portion of it could be read without downloading the whole file.

The server also advertised PHP 7.4.33 in its response headers. The PHP 7.4 branch reached end-of-life in November 2022 and no longer receives security fixes, so any vulnerability published since then remains unpatched on that host.

Risks Identified

  • Potential leakage of plugin info and error logs
  • Server file paths and user data exposure
  • Risk of targeted scraping or automated recon
  • Server fingerprinting through exposed headers

Recommendations Provided

  • Set WP_DEBUG and WP_DEBUG_LOG to false in production (or point WP_DEBUG_LOG at a path outside the web root)
  • Remove the existing debug.log and deny web access to it in the server configuration
  • Upgrade PHP to a supported version (8.2 or later)
  • Turn off the expose_php directive in php.ini, which removes the X-Powered-By header

Technical Verification Methods

  • Command-line verification using curl
  • In-browser access testing
  • Header analysis and examination
  • Non-intrusive verification only
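The verification steps listed above, carried out without exploitation, as an added example: this shell script was written for this page and is not Sanctus Solutions' tooling or a capture from the audited site. It shows the two curl probes a tester would run (a HEAD request and a 1 KiB Range read, so a multi-gigabyte log is never downloaded) and an `assess` function that turns a HEAD response into findings: unauthenticated access, file size, byte-range support, the PHP version leaked through X-Powered-By, and whether that branch is end-of-life. The target URL is a placeholder and the two header samples are constructed to match the case study, so the script runs offline; set PROBE=1 and TARGET to run the live probes against a host you are authorized to test.

```shell
#!/bin/sh
# Added example for this page, not Sanctus Solutions' tooling. Non-intrusive
# checks for a publicly readable wp-content/debug.log and for version
# disclosure through response headers: curl probes plus header analysis only.

# Placeholder target (assumption); override with TARGET=https://host PROBE=1.
TARGET="${TARGET:-https://example.com}"
LOG_URL="$TARGET/wp-content/debug.log"

# Live probes. HEAD shows status, size and headers without a body; a 1 KiB
# Range read (HTTP 206 expected) proves byte-range access without pulling
# the whole file.
probe_live() {
    curl -sS -I "$LOG_URL" | assess
    curl -sS -r 0-1023 -o /dev/null \
        -w 'range read: HTTP %{http_code}, %{size_download} bytes\n' "$LOG_URL"
}

# hval NAME: value of header NAME from $hdrs (case-insensitive, first match).
hval() {
    printf '%s\n' "$hdrs" | grep -i "^$1:" | head -n 1 | cut -d' ' -f2-
}

# assess: read one HEAD response on stdin, print a FINDING line per issue and
# a final "findings: N" line. Pure text processing, so it runs offline.
assess() {
    hdrs=$(tr -d '\r')
    n=0
    status=$(printf '%s\n' "$hdrs" | head -n 1 | cut -d' ' -f2)

    if [ "$status" = "200" ]; then
        len=$(hval Content-Length)
        gib=$(( ${len:-0} / 1073741824 ))
        echo "FINDING: debug.log served with HTTP 200 (no authentication), ${gib} GiB"
        n=$((n + 1))
        if [ "$(hval Accept-Ranges)" = "bytes" ]; then
            echo "FINDING: Accept-Ranges: bytes - the log can be sampled in byte ranges without a full download"
            n=$((n + 1))
        fi
    fi

    php=$(hval X-Powered-By | grep -o 'PHP/[0-9.]*' || true)
    if [ -n "$php" ]; then
        echo "FINDING: X-Powered-By discloses $php (set expose_php = Off)"
        n=$((n + 1))
        # Branches with no security fixes (php.net: 7.4 ended 2022-11-28,
        # 8.0 ended 2023-11-26); anything older is also unsupported.
        case "${php#PHP/}" in
            5.*|7.*|8.0|8.0.*)
                echo "FINDING: $php is end-of-life; move to a supported branch (8.2 or later)"
                n=$((n + 1)) ;;
        esac
    fi
    echo "findings: $n"
}

# Constructed HEAD responses modelled on the case study; not captures from the
# audited host. 55834574848 bytes is exactly 52 GiB.
EXPOSED_SAMPLE='HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/7.4.33
Accept-Ranges: bytes
Content-Length: 55834574848
Content-Type: text/plain'

HARDENED_SAMPLE='HTTP/1.1 403 Forbidden
Server: Apache
Content-Type: text/html; charset=iso-8859-1'

if [ "${PROBE:-0}" = "1" ]; then
    probe_live
else
    printf '%s\n' "$EXPOSED_SAMPLE" | assess
    printf '%s\n' "$HARDENED_SAMPLE" | assess
fi
```

The `-r 0-1023` request is what keeps the check non-intrusive: a 206 response with 1024 bytes downloaded confirms both exposure and byte-range access while touching almost none of the file. After remediation the same HEAD request should return 403 or 404 and carry no X-Powered-By header, which `assess` reports as `findings: 0`.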

Technical Assessment Methods

Non-Intrusive Testing

Responsible testing without exploitation or system damage

Command-Line Verification

Using curl and other tools for confirmation testing

Browser Testing

In-browser access testing for user-facing vulnerabilities

Header Analysis

Server response header examination and fingerprinting

Risk Categories Identified

Data Exposure

Sensitive log files accessible without authentication, revealing system information and user data.

Information Disclosure

Server version information exposed through headers, enabling targeted attacks.

Security Misconfiguration

Debug logging enabled in production environments, creating unnecessary security risks.

Outdated Software

End-of-life PHP versions and outdated components with known vulnerabilities.

Our Mission in Cybersecurity

Sanctus Solutions operates at the intersection of security and ethics, helping businesses take meaningful action to secure their digital infrastructure through responsible disclosure and expert guidance.

Integrity-Based

No exploitation, no shortcuts—verified insights supporting system safety

Proactive Protection

Staying ahead of evolving threats through offensive-defensive balance

Public Service

Mission-driven approach to protecting organizations and communities

Ready to Secure Your Digital Infrastructure?

Let our experienced team identify vulnerabilities before attackers do. Get a comprehensive security assessment with actionable recommendations.

Serving businesses nationwide with specialized Dallas-Fort Worth support

Our Services

Explore our comprehensive range of digital solutions

Frequently Asked Questions


Our Dallas cybersecurity audit includes vulnerability scanning, penetration testing, configuration review, compliance assessment, and detailed reporting with prioritized remediation recommendations. We identify exposed REST APIs, missing security headers, weak authentication, and other critical vulnerabilities that attackers target.

Our WordPress security hardening service is a flat rate of $500 with 24-48 hour turnaround. This includes REST API lockdown, security headers implementation, login protection, plugin security review, and comprehensive documentation of all changes made.

Yes, we offer ongoing security monitoring through our fractional tech partner programs starting at $300/month. This includes 24/7 threat monitoring, security incident response, regular vulnerability assessments, and proactive security updates.

We assist Dallas businesses with various compliance requirements including HIPAA for healthcare, PCI DSS for payment processing, SOC 2 for service organizations, and general data protection best practices. Our audits identify compliance gaps and provide remediation guidance.

Most WordPress sites are fully secured within 24-48 hours after access is provided. We lock down REST API endpoints, implement security headers, disable XML-RPC, hide version information, and configure firewall rules. If we notice any red flags requiring extra investigation, we notify you upfront.

Our website development starts at $2,500 and includes 3 pages (expandable), free one-year maintenance, discounted addon features, SEO optimization, and security implementation from the ground up. Additional pages are $50 each, with photo/video editing available on a case-by-case basis.

Our WordPress hardening service is preventative. For compromised sites, we recommend malware removal and recovery services first. Once your site is cleaned, we apply our comprehensive hardening package to prevent future attacks and maintain ongoing security.

Absolutely! Most web designers focus on aesthetics and functionality, not backend security. We specialize in securing existing websites regardless of who built them. Our security hardening addresses vulnerabilities that are commonly missed during initial development.

We provide cybersecurity and web design services throughout Dallas, Fort Worth, Richardson, Plano, Irving, Frisco, Allen, McKinney, and the entire Dallas-Fort Worth metroplex. On-site support is available for local businesses, with remote support available nationwide.

Yes, we offer 24-48 hour response time for security incidents across the Dallas metro area. Our emergency services include incident response, breach containment, forensic analysis, and immediate security hardening to prevent further compromise.

Our fractional tech partner program provides Dallas businesses with ongoing IT strategy and security support without hiring full-time staff. Services range from $300-$2,200/month and include security oversight, technology planning, vendor management, and strategic consulting.

Yes! We offer white-label and consulting partnerships with Dallas web designers and developers. We provide the security expertise they need while they maintain full client relationships. All partnerships are protected by signed non-compete agreements - we never poach clients.

See What Houston Says

Real Stories. Real Satisfaction

You Want This!

Transform Your Security Today

Get started with enterprise-grade security solutions.
