The AppCheck Web Application scanner is developed in conjunction with a team of around 20 experienced penetration testers and as such deploys the very latest techniques in vulnerability detection from the front lines. Included in those techniques is our ability to detect DOM-based Cross-Site Scripting vulnerabilities using a combination of static and run-time analysis of JavaScript and Flash content. Unlike most SaaS vulnerability scanners, AppCheck deploys both lexical and browser-based analysis of each assessed application component to ensure modern JavaScript-heavy and Flash-based applications are fully explored for vulnerabilities. This technology allows AppCheck to detect security flaws in components other scanners will fail to detect.
To demonstrate this technology, the AppCheck scanner was used to scan some of the most high-profile sites on the internet, including Bing, Microsoft, MSN, eBay, AT&T and Adobe. In each case, DOM-based XSS vulnerabilities were discovered and reported to the vendor.
To reward responsible disclosure, AppCheck has been credited by each vendor via their respective bug bounty programs:
Microsoft credited AppCheck for DOM XSS discovery in bing.com, microsoft.com and msn.com: Acknowledgement Archive, February 2015
eBay credited AppCheck for discovery of Adobe Flash-based XSS.
AppCheck researcher Nico (nijagaw) was awarded a bug bounty by Adobe for the discovery of a persistent XSS flaw: https://hackerone.com/adobe/thanks
AT&T entered AppCheck into its Bug Bounty Hall of Fame: AT&T Hall of Fame
AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations' websites, applications, network and cloud infrastructure. AppCheck is authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).