AppCheck Security Blog

HTML 5 Security

In this video series we discuss the common security flaws encountered in HTML5 enabled websites. Our focus is around Cross-Origin communication through postMessage and CORS.

read more

HTML 5 Security

In this video series we discuss the common security flaws encountered in HTML5 enabled websites. Our focus is around Cross-Origin communication through postMessage and CORS.

Read more

AppCheck NG Acknowledged by Microsoft, EBay, AT&T and Adobe

The Appcheck Web Application scanner is developed in conjunction with a team of around 20 experienced penetration testers and as such deploys the very latest techniques in vulnerability detection from the front lines. Included in those techniques is our ability to detect DOM Based Cross Site Scripting vulnerabilities using a combination of static and run-time analysis of JavaScript and Flash content. Unlike most SaaS vulnerability scanners, AppCheck NG deploys both lexical and browser based analysis of each assessed application component to ensure modern JavaScript heavy and Flash based applications are fully explored for vulnerabilities. This technology allows AppCheck to detect security flaws in components other scanners will fail to detect.

Read more

Security Flaw Fixed in Popular Joomla Extension VirtueMart (CVE-2015-2193)

On the 10th of February 2015 Appcheck reported several security flaws in the popular VirtueMart eCommerce extension for Joomla (Version 3.0.2). A fix has since been made available via http://virtuemart.net/ although no official announcement was released by the vendor.

Read more

SafeNet SAS OWA Agent Directory Traversal Vulnerability

On the 18th August, 2014, AppCheck reported a Directory Traversal Vulnerability in the SafeNet SAS Outlook Web Access Agent that, without requiring any user authentication, allows a remote attacker to gain access to any file located on the remote server’s local hard drives.

Read more

Unpatched Vulnerabilities in Magento E-Commerce Platform

On April 8th 2014, AppCheck reported several Cross Site Scripting Vulnerabilities in the Magento e-commerce platform via the eBay bug bounty program.  eBay responded to inform us that the vulnerabilities had already been reported.

However, since more than 6 months have passed and no fix is yet available, This advisory is intended to inform Magento administrators of the vulnerability so that action can be taken to mitigate the flaw.

Read more