News

BlackHat & Defcon 2018 Updates

Each year at the beginning of August, the world’s best security researchers and hackers get together for two annual security conferences: Black Hat and Defcon. Each conference takes place over three days, during which the latest and greatest new hacking techniques are presented. One thing is for sure, malicious actors are paying attention, and hope to […]

AppCheck & The GDPR

There is no doubt that the GDPR is serious business. AppCheck has noticed a significant shift in focus by company executives, who have taken a much more active interest in security matters since the GDPR, and specifically the fines, were introduced. Naturally, with […]

Hacks, Trends and That GDPR Thing with AppCheck

With the door closed on another year within the ever-expanding cyber security industry, we can look back on some significant moments in 2017 and look forward to a very exciting year for AppCheck in 2018. We have all seen the major hacks that have been constantly reported in the media over 2017 and there is […]

AppCheck Discovers Vulnerability in Auth0 Library (CVE-2017-17068).

AppCheck discovered a security flaw within the auth0.js JavaScript library that could be exploited by a malicious website to read sensitive access tokens cross-domain. About Auth0: Auth0 provides authentication solutions for a variety of platforms including the ability to integrate social media authentication into an application. “We solve the most complex identity use cases with […]

Critical Joomla 3.7 SQL Injection Vulnerability Patched

On the 17th of May 2017, the Joomla team issued a patch for a high severity security flaw that could allow a remote unauthenticated attacker to execute arbitrary SQL queries on the target system. A malicious attacker could exploit this flaw to read, create, modify and delete data stored within the database. It is also […]

Detecting and Exploiting the PHPMailer RCE

On the 25th of December 2016, a security researcher disclosed a critical security flaw within a popular PHP library used to send emails. The PHPMailer library is used by more than 9 million websites worldwide and is bundled with popular open source PHP content management systems such as WordPress. At worst the flaw could be […]

Scan & Secure WordPress with AppCheck

WordPress is the world's leading Content Management System (CMS), accounting for approximately 27% of all websites on the Internet. As such, WordPress is a common target for malicious attackers and malware authors aiming to propagate malicious software by compromising websites. Almost all studies into the most commonly compromised CMS-based websites list WordPress as […]

High Severity Joomla Vulnerability Patched

On the 25th of October 2016, the Joomla team issued a patch for a high severity security flaw that could allow a remote unauthenticated attacker to create administrative accounts on the target system. AppCheck was updated on the same day to detect and safely exploit the vulnerability. Our security researchers observed scanning for this flaw […]

Hunting HTML 5 PostMessage Vulnerabilities

AppCheck partnered with Sec-1 Ltd (http://www.sec-1.com) to undertake a research project investigating the security challenges posed by next-generation web applications. The project included an investigation of cross-origin communication mechanisms provided via HTML5, including postMessage and CORS. One of the key findings from the research […]

Adobe Fixes HTML5 PostMessage Security Flaw

AppCheck NG has identified a significant security flaw affecting a common JavaScript component provided as part of the Adobe Marketing Cloud. The flaw affected many high-profile applications, including several banking sites and well-known .com organisations, and has now been fixed by the vendor. When imported, the affected JavaScript component adds a vulnerable postMessage […]
