AppCheck news & events

AppCheck Webinar: Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) is by far the most widespread high impact vulnerability, present even in the best of web applications, regardless of the framework or programming language employed - a burly steadfast member of the OWASP Top Ten.
Here at AppCheck the client-side nature of typical XSS has led to a general underappreciation of its exploitation potential, though a good understanding of the vulnerability and its subtle variations will show how it can be used to devastating effect... and more importantly: how it can be avoided.
In this seminar we will build up piece-by-piece an understanding of XSS that spares no detail.

read more

AppCheck NG Acknowledged by Microsoft, EBay, AT&T and Adobe

The Appcheck Web Application scanner is developed in conjunction with a team of around 20 experienced penetration testers and as such deploys the very latest techniques in vulnerability detection from the front lines. Included in those techniques is our ability to detect DOM Based Cross Site Scripting vulnerabilities using a combination of static and run-time analysis of JavaScript and Flash content. Unlike most SaaS vulnerability scanners, AppCheck NG deploys both lexical and browser based analysis of each assessed application component to ensure modern JavaScript heavy and Flash based applications are fully explored for vulnerabilities. This technology allows AppCheck to detect security flaws in components other scanners will fail to detect.

Read more

AppCheck Updated to Detect CVE-2015-0235 (a.k.a. GHOST)

The “GHOST” vulnerability is a security flaw within a key component of the Linux Operating System. The affected component “gethostbyname” is found in the Linux GNU C Library that is used by all Linux programs. If an attacker can pass a specially crafted hostname to the affected function it may be possible to execute malicious code on the system.

Read more

Drupal 7 SQL Injection – Use AppCheck NG to Discover if You Are Affected

Drupal is a popular open source content management system (CMS). The CMS platform is used by hundreds of thousands of organisations globally and has one of the largest user communities.

On 15th October 2014, a pre-authentication SQL injection vulnerability (CVE-2014-3704) was disclosed after a code audit of Drupal extensions. The vulnerability was found in the way Drupal handles prepared statements meaning a malicious user can inject arbitrary SQL queries and control the Drupal installation.

Read more

Shell Shock Vulnerability – Use AppCheck NG to Discover if You Are Affected

On the 24th September 2014, a remote code execution vulnerability in bash (CVE-2014-6271) was made public after its discovery by Stephane Chazelas. The flaw, dubbed “Shell Shock” has been given the highest CVSS impact and exploitability rating of 10; and affects all versions of bash between 1.14.0 and 4.3, having existed in bash for 22 years. The flaw affects any operating system and application that utilises the bash shell, including Linux, MacOSX, and Cygwin environments on Windows.

Read more

Time for Better Web App Security as SQL & XSS Threats Surge

A recent report revealed a 32% increase in cross-site scripting (XSS) and SQL injection attacks on the web-facing and cloud applications that carry sensitive information about organisations and their customers.

Read more

AppCheck NG Updated to Discover Critical OpenSSL Bug “Heartbleed”

On 7th April 2014 a group of security researchers disclosed a critical security flaw in the popular cryptographic software library OpenSSL.
The Heartbleed Bug allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
The AppCheck NG Web Application and Infrastructure vulnerability scanner has already been updated with a plugin to detect the flaw.

Read more