CyberWhite sat down with our Head of Development, Graham Bacon, to discuss all things AppCheck. You can read the full interview below.
What sets AppCheck apart from others in the industry?
There are several things that make us different, but one of the biggest is our penetration testing background. When AppCheck started life, it was never intended to be a commercial tool; it was designed to help automate work that was being undertaken through manual penetration tests. Over time it grew into a very comprehensive tool that was, more often than not, discovering more vulnerabilities than traditional penetration testing methods. This is down to our engineers having a deep understanding of the importance of crawling all of a website’s attack surface, being able to test those areas for vulnerabilities and then how to build that methodology into our scanner.
This has enabled us to detect some of the hardest to reach security flaws using a unique first principles methodology that is really setting us apart from other tools. Not only are we the only vendor in the UK that can deliver this type of service, we are one of very few globally. Our offering is extremely unique and it’s our approach and methodology that is setting us apart even further within our field.
What is your favourite thing about working for AppCheck?
Since I’ve joined we have continually experienced rapid growth in both customer acquisition and the technological challenges in meeting that growth. Combined with the constant need to stay relevant and keep ahead of the curve, this requires us to be constantly researching new threat vectors.
As a company we are making a genuine effort towards innovation. Our developers are given creative flexibility to explore new ideas outside of their current workload. They are encouraged to think outside of the current hemisphere as this is where innovation comes from.
This is a really refreshing approach and I think a big part of the reason we are so successful as a company.
What is the priority for AppCheck as an organisation? What do you look to achieve from your activity?
Presently we are looking at increasing our product range, we have an amazing DAST scanner and a great team supporting it so it’s now time to see what we can do in other spaces, using the information and lessons we have from application scanning and applying them to other security areas.
What will be the biggest threat to a company’s security in 2020?
Sadly it’s almost always a company’s internal processes that are the biggest threat to itself, there is no magic bullet solution to security. You can have all the tools and solutions in the world but unless you follow through with action, i.e. do your patching, fix your bugs and update your systems and conduct regular testing you are leaving yourself open.
By conducting regular vulnerability scanning and being aware of your security threats, this becomes a lot easier to keep on top of.
What is the culture like within AppCheck?
I have been here since the very early days and culture has always been something that is very important to us. Without sounding too cliché, we do try and have a “work hard, play hard” environment. Working for a fast paced security software company, there are times when it’s all hands on deck, but the flip side is that we also want all employees to enjoy coming to work and being able to let their hair down when the time is right.
While we don’t expect everyone to join in all events, we throw a number of events during the year, from going to the races as a group in the summer and quarterly updates as to the state of the business with pizza and beer, to the obligatory Christmas party. Everybody gets along really well and it’s doing things like this that encourages teams to intermingle. A beer fridge for Fridays, Mario Kart and the pool table certainly help with that.
What are your biggest challenges within AppCheck?
Research. We work in a space with constantly changing attack vectors and new vulnerabilities are discovered all the time. Even when we are not conducting our own research, we are implementing the latest findings in the field, all of this is an important part of staying relevant.
The other side of that is ensuring we give our clients the best possible support. One of the areas we have always prided ourselves on at AppCheck is to be accessible to anyone, even people who are not security professionals. With that comes a need to make sure that we present often complex information in an easily digestible way or make it easier to validate vulnerabilities.
AppCheck hosts a lot of free educational events across the year – what do you hope the biggest takeaway is for delegates?
That they were unaware that some of the stuff we and hackers do was even possible and, in a lot of cases, just how easy some of these vulnerabilities are to exploit. There is a lot of misguided information out there in the security world about what counts as protection and what does not. A lot of this information has come from well-meaning sources. For example, encouraging people to use HTTPS over HTTP: it will secure your connection, which is good for card transactions between you and a site, but that doesn’t mean the site itself is not a phishing site and there can be no vulnerabilities such as card skimmers. We have a lot of delegates telling us they were unaware of these vulnerabilities, which really shows the importance of these events.
I think I just like to feel like we have increased awareness and hopefully inspired delegates to look harder at their security posture, even if it’s something as simple as keeping up to date with patches.
What do you look for in a partner?
AppCheck only works with organisations who deliver outstanding levels of service, who understand the importance of security and support their clients as trusted partners. Finding these attributes isn’t easy. However, in CyberWhite, AppCheck has found a company that meets and exceeds these requirements. CyberWhite is renowned for taking a proactive approach to helping their customers. This mindset clearly aligns with AppCheck’s values and ethos.