AppCheck Security Blog

Hacking in The Movies: What They Get Wrong (And What They Occasionally Get Right…)

General / Posted January 19, 2023

In this blog post we take a step back from some of our more serious and informational content and dive instead into the world of entertainment, taking a light-hearted look at some of the most common tropes found in movie portrayals of hacking.

Database Hardening

General / Posted January 17, 2023

In this blog post we take a look at the wider context of database security by briefly surveying the various scenarios surrounding database configuration, deployment and maintenance that can lead to security weaknesses. We then take a look at what measures organisations can take to harden their database systems to better resist attacks or exploits by adversaries.

DNS Security

General / Posted November 09, 2022

We will look at how the DNS system developed, as well as how some of the decisions taken in establishing the protocols used for DNS, leave it vulnerable to certain exploits. Finally, we will cover some of the more esoteric exploits using the protocol that have since been discovered or developed by researchers and hackers, as well as what can be done to ensure that DNS implementations and usages are suitably secured wherever possible.

The New OpenSSL Critical Vulnerability - Early Information and Detections

News / Posted November 01, 2022

This article will cover what we know so far, how AppCheck customers can detect the issue and details of how we can help if you're not an existing customer. We will be updating the article as new information arises so keep checking back.

File Upload Vulnerabilities

Research / Posted October 20, 2022

In this blog post, we take a deeper than usual dive into the topic of file upload vulnerabilities: we look at the mechanisms that operate underneath the hood when uploading and storing files on a webserver, and at how these can be exploited by attackers if developers fail to adequately ensure their safe implementation and operation.

What is Open-Source Intelligence (OSINT)?

Research / Posted September 28, 2022

This blog post aims to introduce a few of the key OSINT techniques, look at who makes use of OSINT, explore how OSINT can be used in the cyber security space to aid in the enumeration phase of a web application security assessment.

World's Strangest Hacks

Research / Posted September 13, 2022

We take a look at some of the World's Strangest Hacks. From MI6 Mojito Cupcakes to a Godzilla rampage in San Francisco, there are plenty of weird breaches to explore!

What is web application security testing and how can it help?

General / Posted August 23, 2022

Web application security testing is a key detective measure that helps to ensure that any issues that have been introduced during the application’s planning, design, development, and implementation are speedily detected and flagged for attention so that they can be addressed and remediated before an attacker can exploit them. This article explores the benefits of Web Application Security Testing and how it can help your organisation.

Case Study - Rail Delivery Group

Case Studies / Posted August 10, 2022

Rail Delivery Group were struggling with a lack of visibility of the applications that they used or created. Outsourcing business created the issue of relying on third parties to be up to date and have little to no vulnerabilities in their networks and applications. AppCheck was able to provide this visibility and ensure it could be easily presented to stakeholders in the business.

Session Hijacking

Research / Posted August 04, 2022

In this blog post, we look at how exactly session hijacking works in practice, the underlying mechanics of session management that permit it to occur, how attackers may choose to exploit the weakness when it is discovered, and how website users and site administrators can best safeguard themselves and their organisations against the exploit.

AppCheck Security Blog

Start your free trial