AppCheck Security Blog
Featured post
An Introduction to SQL Injection (SQLi)
/ Posted March 12, 2020
Injection attacks are the most common type of fault found in web applications, they are usually the result of unfiltered user input being directly included into command executions or database queries.
read moreFilter by:
An Introduction to SQL Injection (SQLi)
Research / Posted March 12, 2020
Injection attacks are the most common type of fault found in web applications, they are usually the result of unfiltered user input being directly included into command executions or database queries.
Read moreWeb cache poisoning explained
Research / Posted March 09, 2020
A cache in computing is a temporary store of any content that has been retrieved from its original (master) source. Caches are typically used so that the data can be served faster the next time it is requested, since it needs only be retrieved from the local cache rather than the original source. The problem from a security point of view is that any response that is successfully cached will by design be stored and served to other users, and in some circumstances this can lead to problems.
Read moreWhat is Cross-Site Scripting and how to prevent it
Research / Posted January 11, 2020
Cross-Site Scripting or “XSS” is one of the most common vulnerabilities found in web applications. XSS made up nearly 40 per cent of all attacks logged by security researchers in recent years, who also noted that almost 75 per cent of large companies across Europe had been targeted over the last year.
Read moreAppCheck Scan Template for Pulse Secure CVE-2019-11510
Product Research Security Alerts / Posted January 09, 2020
AppCheck have released a scan template which will run a quicker scan and check for the above vulnerability. Specifically, the module will look to detect a critical security flaw in Pulse Secure’s Zero Trust Remote Access VPN.
Read moreAppCheck Scan Template for Citrix Vulnerability CVE-2019-19781
Product Research Security Alerts / Posted January 09, 2020
AppCheck have released a scan template to detect a remote code execution flaw in Citrix appliances.
Read moreAppCheck Plug-in for Citrix Vulnerability CVE-2019-19781
Product Research Security Alerts / Posted December 18, 2019
AppCheck have released a plug-in to detect a remote code execution flaw in Citrix appliances.
Read moreUnicode Normalization Vulnerabilities & the Special K Polyglot
Research / Posted September 02, 2019
Many applications and systems have adopted Unicode as a method of encoding and storing string data. This blog post looks at some of the security flaws that can arise due to Unicode Normalization in modern web applications.
Read moreNew feature announcement: Subdomain takeover audit
Product Research Security Alerts / Posted June 18, 2019
AppCheck has released a new detection module available to all customers to scan for subdomain takeover vulnerabilities.
Read moreSAP Hybris Commerce CVE-2018-2505 Vulnerability Discovered
News Research Security Alerts / Posted March 18, 2019
The AppCheck research team identified a security flaw (CVE-2018-2505) within SAP Hybris affecting many large online retailers. The security flaw was due to an insecure JavaScript library that allows malicious JavaScript to be injected into a user’s session with the affected Hybris application.
Read moreAdvisory: Remote Code Execution Traccar Server <=4.0 (AC-2018-10-8-1)
Research Security Alerts / Posted December 04, 2018
Our security team discovered a Remote Code Execution (RCE) vulnerability in the GPS vehicle tracking system Traccar (version <= 4.0). This allows an attacker to compromise the server’s host via a self-registered user account.
Read more