AppCheck Security Blog

An Introduction to SQL Injection (SQLi)

Injection attacks are the most common type of fault found in web applications; they are usually the result of unfiltered user input being included directly in command executions or database queries.

Web cache poisoning explained

A cache in computing is a temporary store of content that has been retrieved from its original (master) source. Caches are typically used so that the data can be served faster the next time it is requested, since it need only be retrieved from the local cache rather than the original source. The problem from a security point of view is that any response that is successfully cached will, by design, be stored and served to other users, and in some circumstances this can lead to problems.

What is Cross-Site Scripting and how to prevent it

Cross-Site Scripting or “XSS” is one of the most common vulnerabilities found in web applications. XSS made up nearly 40 per cent of all attacks logged by security researchers in recent years, who also noted that almost 75 per cent of large companies across Europe had been targeted over the last year.

AppCheck Scan Template for Pulse Secure CVE-2019-11510

AppCheck have released a scan template which runs a quicker, targeted scan for CVE-2019-11510. Specifically, the module will look to detect a critical security flaw in Pulse Secure’s Zero Trust Remote Access VPN.

AppCheck Scan Template for Citrix Vulnerability CVE-2019-19781

AppCheck have released a scan template to detect a remote code execution flaw in Citrix appliances.

AppCheck Plug-in for Citrix Vulnerability CVE-2019-19781

AppCheck have released a plug-in to detect a remote code execution flaw in Citrix appliances.

Unicode Normalization Vulnerabilities & the Special K Polyglot

Many applications and systems have adopted Unicode as a method of encoding and storing string data. This blog post looks at some of the security flaws that can arise due to Unicode Normalization in modern web applications.

New feature announcement: Subdomain takeover audit

AppCheck has released a new detection module, available to all customers, to scan for subdomain takeover vulnerabilities.

SAP Hybris Commerce CVE-2018-2505 Vulnerability Discovered

The AppCheck research team identified a security flaw (CVE-2018-2505) within SAP Hybris affecting many large online retailers. The security flaw was due to an insecure JavaScript library that allows malicious JavaScript to be injected into a user’s session with the affected Hybris application.

Advisory: Remote Code Execution Traccar Server <=4.0 (AC-2018-10-8-1)

Our security team discovered a Remote Code Execution (RCE) vulnerability in the GPS vehicle tracking system Traccar (version <= 4.0). This allows an attacker to compromise the server’s host via a self-registered user account.