AppCheck Security Blog

Scanning GraphQL for Vulnerabilities with AppCheck

AppCheck is pleased to announce enhanced support for scanning GraphQL based APIs. In this post we take a brief look at GraphQL and some of the security implications surrounding the technology.

read more

Scanning GraphQL for Vulnerabilities with AppCheck

AppCheck is pleased to announce enhanced support for scanning GraphQL based APIs. In this post we take a brief look at GraphQL and some of the security implications surrounding the technology.

Read more

The Importance of Regular Vulnerability Scanning

In an earlier article we have covered the importance of vulnerability scanning and why it remains a powerful tool in your security arsenal – in this article we will examine specifically why it is important to leverage one of the most powerful advantages that dynamic application security testing (DAST) or vulnerability scanning has over manual penetration testing: its ability to be scheduled for frequent or continuous assessment.

Read more

Common e-commerce vulnerabilities and how to remedy

Modern e-commerce encompasses a broader network of activities and services relating to electronically buying or selling of products on online services or over the Internet. We explore common vulnerabilities that can occur within e-commerce sites and most importantly, how to remedy these.

Read more

Got Swagger? How mapping your API helps to protect it.

API security is often barely mentioned. Web application developers are, broadly, aware of vulnerabilities such as the OWASP Top 10, but these barely or tangentially mention API security as of the latest (2017) update.

This may not have been an issue historically, however APIs are no longer a niche or secondary form of traffic. API calls now represent 83 percent of web traffic, according to traffic review detailed in a recent report.

Read more

SaltStack scanning tool to detect CVE-2020-11651 & CVE-2020-11652

These CVE's are now being actively exploited in the wild and so we have created a free standalone scanner to detect and report on these.

Read more

Secure inclusion of third party content using SOP, CSP, SRI & CORS

In this article we’ll take a look at how the origin of resources loaded by your web application – such as third party JavaScript – can impact the security of your organisational and customer data.

Read more

An Introduction to Web Shells

A web shell is a web-based implementation of the shell concept. There’s plenty of legitimate examples where a web shell might be useful functionality – for example to provide an administrative web GUI to an appliance such as a firewall, but for the purposes of this article we will consider malicious web shells - scripts that can be uploaded by an attacker to a web server to enable remote administration of the machine unknown to the system’s proper owner.

Read more

Injection Attacks: An Introduction

Read more

What is Cross-Site Scripting and how to prevent it

Cross-Site Scripting or “XSS” is one of the most common vulnerabilities found in web applications. XSS made up nearly 40 per cent of all attacks logged by security researchers in recent years, who also noted that almost 75 per cent of large companies across Europe had been targeted over the last year.

Read more

An Introduction to SQL Injection (SQLi)

Injection attacks are the most common type of fault found in web applications, they are usually the result of unfiltered user input being directly included into command executions or database queries.

Read more