AppCheck Security Blog
Featured post
Web Server Information Disclosure
/ Posted May 23, 2023
In this blog post, we look at why information disclosure is considered to be an issue at all, how it occurs, the ways in which the information can be leveraged by attackers, and how organisations can best prevent against it.
read moreFilter by:
Web Server Information Disclosure
Research / Posted May 23, 2023
In this blog post, we look at why information disclosure is considered to be an issue at all, how it occurs, the ways in which the information can be leveraged by attackers, and how organisations can best prevent against it.
Read moreExploiting SNI SSRF to access the AWS IDMSv2 service
Research / Posted March 17, 2023
In this post we look at a unique method of delivering a SSRF payload and review how this could be leveraged to fully compromise a cloud environment. We will also dive into the potential risks and impact of SSRF and highlight the importance of a secure cloud deployment.
Read moreVPN Security
Research / Posted February 24, 2023
In this blog post we look at some of the common risks associated with VPN deployment, and how they can best be avoided so that technical services and functions can be delivered to the required audiences with greater security assurance.
Read moreWhat is a trust boundary and how can I apply the principle to improve security?
Research / Posted February 10, 2023
In this blog post we look at what trust boundaries are, how they are commonly utilised, and what simple processes teams can take in order to begin the process of implementing trust boundaries in order to better manage cybersecurity risk.
Read moreHacking in The Movies: What They Get Wrong (And What They Occasionally Get Right…)
General / Posted January 19, 2023
In this blog post we take a step back from some of our more serious and informational content and dive instead into the world of entertainment, taking a light-hearted look at some of the most common tropes found in movie portrayals of hacking.
Read moreDatabase Hardening
General / Posted January 17, 2023
In this blog post we take a look at the wider context of database security by briefly surveying the various scenarios surrounding database configuration, deployment and maintenance that can lead to security weaknesses. We then take a look at what measures organisations can take to harden their database systems to better resist attacks or exploits by adversaries.
Read moreDNS Security
General / Posted November 09, 2022
We will look at how the DNS system developed, as well as how some of the decisions taken in establishing the protocols used for DNS, leave it vulnerable to certain exploits. Finally, we will cover some of the more esoteric exploits using the protocol that have since been discovered or developed by researchers and hackers, as well as what can be done to ensure that DNS implementations and usages are suitably secured wherever possible.
Read moreThe New OpenSSL Critical Vulnerability - Early Information and Detections
News / Posted November 01, 2022
This article will cover what we know so far, how AppCheck customers can detect the issue and details of how we can help if you're not an existing customer. We will be updating the article as new information arises so keep checking back.
Read moreFile Upload Vulnerabilities
Research / Posted October 20, 2022
In this blog post, we take a deeper than usual dive into the topic of file upload vulnerabilities: we look at the mechanisms that operate underneath the hood when uploading and storing files on a webserver, and at how these can be exploited by attackers if developers fail to adequately ensure their safe implementation and operation.
Read moreWhat is Open-Source Intelligence (OSINT)?
Research / Posted September 28, 2022
This blog post aims to introduce a few of the key OSINT techniques, look at who makes use of OSINT, explore how OSINT can be used in the cyber security space to aid in the enumeration phase of a web application security assessment.
Read more