AppCheck Security Blog

BlackHat & Defcon 2018 updates

Each year at the beginning of August the world’s best security researchers and hackers get together for two annual security conferences: BlackHat and Defcon. Each conference takes place over three days, during which the latest and greatest new hacking techniques are presented.

Read more

AppCheck & The GDPR

There is no doubt that the GDPR is serious business. AppCheck has noticed a significant shift in focus among company executives, who have taken a much more active interest in security matters since the GDPR, and specifically the fines, were introduced. Naturally, with that comes a never-ending list of vendors claiming to solve the GDPR problem. In truth, no one product or service can achieve compliance; rather, the GDPR requires a strategy that includes a thorough understanding of your responsibilities, exposure and requirements to demonstrate compliance with the six principles of the GDPR.

Read more

Detect Rogue JavaScript Crypto-Miners with AppCheck

Browser-based crypto-mining malware has made a dramatic resurgence in 2018, hitting the headlines on several occasions over the past month. Most recently, two major campaigns affecting thousands were reported by The Register, with those affected ranging from YouTube to the UK’s Information Commissioner’s Office.

Read more

Hunting HTML 5 PostMessage Vulnerabilities

AppCheck partnered with Sec-1 Ltd to undertake a research project investigating the security challenges posed by next-generation web applications. The project included an investigation of the Cross-Origin communication mechanisms provided via HTML5, including postMessage and CORS.

One of the key findings from the research shows that vulnerabilities introduced through an insecure postMessage implementation are frequently missed by security scanners and consultants performing manual review.

Read more

Detecting Delayed Execution Vulnerabilities

AppCheck Sentinel is an external monitoring system designed to detect Out-of-Band events such as DNS lookups and HTTP requests. Its function in web application scanning is to aid the detection of vulnerabilities that cannot be identified through the use of conventional scanning techniques.

Read more

Adobe Fixes HTML5 PostMessage Security Flaw

AppCheck has identified a significant security flaw affecting a common JavaScript component provided as part of the Adobe Marketing Cloud. The flaw affected many high-profile applications, including several banking sites and well-known .com organisations, and has now been fixed by the vendor.

Read more

HTML 5 Security

In this video series we discuss the common security flaws encountered in HTML5-enabled websites. Our focus is on Cross-Origin communication through postMessage and CORS.

Read more

AppCheck NG Acknowledged by Microsoft, EBay, AT&T and Adobe

The AppCheck Web Application scanner is developed in conjunction with a team of around 20 experienced penetration testers and as such deploys the very latest techniques in vulnerability detection from the front lines. Included in those techniques is our ability to detect DOM-based Cross-Site Scripting vulnerabilities using a combination of static and run-time analysis of JavaScript and Flash content. Unlike most SaaS vulnerability scanners, AppCheck NG deploys both lexical and browser-based analysis of each assessed application component to ensure modern JavaScript-heavy and Flash-based applications are fully explored for vulnerabilities. This technology allows AppCheck to detect security flaws in components that other scanners will fail to detect.

Read more

50,000 Websites Hacked Through Critical WordPress Vulnerability

Over 50,000 websites have been compromised within the first three weeks following the disclosure of a critical vulnerability in the MailPoet plugin (formerly known as Wysija Newsletter) for WordPress.

Read more

Time for Better Web App Security as SQL & XSS Threats Surge

A recent report revealed a 32% increase in cross-site scripting (XSS) and SQL injection attacks on the web-facing and cloud applications that carry sensitive information about organisations and their customers.

Read more