AppCheck Security Blog
Featured post
Filepath Manipulation
/ Posted June 08, 2022
In this blog post, we look at how filepath manipulation can occur at a technical level, at how attackers may seek to exploit such vulnerabilities, and at how developers and system administrators within an organisation can best guard against falling victim to such exploits.
read moreFilter by:
Filepath Manipulation
Research / Posted June 08, 2022
In this blog post, we look at how filepath manipulation can occur at a technical level, at how attackers may seek to exploit such vulnerabilities, and at how developers and system administrators within an organisation can best guard against falling victim to such exploits.
Read moreCookie Security
Research / Posted June 01, 2022
In this blog post we will review what cookies are, why cookies are needed at all, how cookies work, the weaknesses that cookies can be prone to both inherently as well as if implemented incorrectly, and how both website operators and general web users can help to ensure their secure implementation and usage.
Read moreDNN CMS Server-Side Request Forgery (CVE-2021-40186)
Research Security Alerts / Posted May 26, 2022
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services.
Read moreAppCheck is Shortlisted for the SC Awards Europe 2022
News / Posted May 19, 2022
AppCheck has been shortlisted for Best Vulnerability Management Solution Award at this year's SC Awards Europe
Read morePrivilege Escalation
Research / Posted May 19, 2022
his blog post looks in more detail at how privilege escalation can occur, as well as highlighting some common variants and also how to best prevent or avoid them from happening.
Read moreHoneypots
Research / Posted May 05, 2022
One tool that is often overlooked despite a history of deployment stretching back over thirty years is the honeypot, a deployed resource that is used to monitor and analyse attacks against a network, as well as reveal information about the attackers behind them. In this blog post we examine exactly what honeypots are and how they work, and whether they could benefit your organisation.
Read moreDOM XSS
Research / Posted April 21, 2022
“DOM” stands for “Document Object Model” and although you may not have heard of it, it underpins how every web browser interprets and renders web pages that are received from the server.
Read moreAppCheck Web Application Security Seminar - LONDON
Events / Posted April 14, 2022
Our AppCheck Web Application Security Seminar is coming to London, on May 27th, at Lord's Cricket Ground. This FREE educational day offers “A fantastic and revealing insight into the world of hacking.”
Read more“NginxDay”: NGINX LDAP Reference Implementation Zero Day Vulnerability
Research / Posted April 12, 2022
A recent zero-day vulnerability has been publicly shared revealing a critical issue with the nginx-ldap-auth software package allowing attackers to potentially bypass authentication and disclose key information on vulnerable servers.
Read moreWeb Server and Web Application Hardening
Research / Posted April 07, 2022
System hardening is the practice of securing a computer system by minimising its attack surface. Measures used can include the uninstallation of unneeded or unused software, especially those which run a network service, and the changing of various system or application settings from flexible default values to more secure values
Read more