Featured post
/ Posted October 20, 2022
In this blog post, we take a deeper than usual dive into the topic of file upload vulnerabilities: we look at the mechanisms that operate underneath the hood when uploading and storing files on a webserver, and at how these can be exploited by attackers if developers fail to adequately ensure their safe implementation and operation.
read moreFilter by:
Research / Posted October 20, 2022
In this blog post, we take a deeper than usual dive into the topic of file upload vulnerabilities: we look at the mechanisms that operate underneath the hood when uploading and storing files on a webserver, and at how these can be exploited by attackers if developers fail to adequately ensure their safe implementation and operation.
Read moreResearch / Posted September 28, 2022
This blog post aims to introduce a few of the key OSINT techniques, look at who makes use of OSINT, explore how OSINT can be used in the cyber security space to aid in the enumeration phase of a web application security assessment.
Read moreResearch / Posted September 13, 2022
We take a look at some of the World's Strangest Hacks. From MI6 Mojito Cupcakes to a Godzilla rampage in San Francisco, there are plenty of weird breaches to explore!
Read moreResearch / Posted August 04, 2022
In this blog post, we look at how exactly session hijacking works in practice, the underlying mechanics of session management that permit it to occur, how attackers may choose to exploit the weakness when it is discovered, and how website users and site administrators can best safeguard themselves and their organisations against the exploit.
Read moreResearch / Posted July 28, 2022
In this blog post, we investigate how and why HTTP parameter pollution is possible at all, how it can potentially be exploited to undermine web application security, and how it can be guarded against by developers, system architects and others.
Read moreResearch / Posted July 01, 2022
In this blog post, we examine what cryptocurrency is, how it works, and how its fundamental principles of operation can encourage the illicit activity known as cryptojacking. We also investigate the scale of the problem to date, and how it can best be guarded against, as well as detected should it occur.
Read moreResearch / Posted June 28, 2022
Brute force attacks are those attacks that rely purely on exhaustive effort rather than sophisticated techniques performed. They are used by attackers in several cybersecurity spheres including against encryption and authentication systems. We look at then different types of brute force attacks and the ways in which they can be avoided.
Read moreResearch / Posted June 08, 2022
In this blog post, we look at how filepath manipulation can occur at a technical level, at how attackers may seek to exploit such vulnerabilities, and at how developers and system administrators within an organisation can best guard against falling victim to such exploits.
Read moreResearch / Posted June 01, 2022
In this blog post we will review what cookies are, why cookies are needed at all, how cookies work, the weaknesses that cookies can be prone to both inherently as well as if implemented incorrectly, and how both website operators and general web users can help to ensure their secure implementation and usage.
Read moreResearch Security Alerts / Posted May 26, 2022
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services.
Read more