AppCheck news & events

New feature announcement: Subdomain takeover audit

AppCheck has released a new detection module available to all customers to scan for subdomain takeover vulnerabilities. 

read more

WordPress 4.5.1 Cross-Site Scripting (CVE-2016-4566)

WordPress versions 4.5.1 and earlier are affected by a XSS vulnerability through Plupload,the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues.

Read more

Critical Security Flaw in ImageMagick (imagetragick)

A vulnerability with a widely deployed image processing library was disclosed on the 5th of May 2016. Within an hour of the disclosure AppCheck NG was updated to detect the flaw.

A Practical View of the Most Common Threats Facing Web Apps Today
The Web Application Security seminar is a free event that presents a detailed analysis of the most common threats facing web applications today. We will review high profile examples and provide a technical breakdown of critical security flaws along with an introduction into emerging technologies such as HTML5.
Each candidate will receive a copy of the slides and exclusive tools and exploit code used in the live hacking demonstrations.

Read more