AppCheck Security Blog

OWASP Top 10 2021 Web Application Security Risks

Product / Posted September 24, 2021

Every few years the OWASP community come together to review the ten most critical web application security risks (commonly known simply as the “OWASP Top 10”) by analysing vulnerability data spanning hundreds of organisations and over 100,000 real world applications. This process was most recently performed in 2021 and a new, updated top 10 list published.

Security Advisory: Persistent XSS via Avatar Upload in Kentico CMS

Security Alerts / Posted September 17, 2021

The Kentico CMS (13.0.4001.0 Xperience platform version tested locally) is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS).

Reflecting on AppCheck: Chris McGreavy

News / Posted September 10, 2021

We spoke to Chris McGreavy, our Service Delivery Lead about his first few months here at AppCheck

AppCheck & the OWASP Penetration Testing Checklist

Research / Posted September 03, 2021

The OWASP Penetration Testing Checklist is aimed at delivering a baseline standard against which potential vendor solutions can be assessed to ensure that a prospective web application security testing provider delivers a service that is sufficient

Umbraco Forms File Upload Vulnerability: Technical Analysis (CVE-2021-37334)

Research Security Alerts / Posted August 25, 2021

On the 15th of July 2021 Umbraco and AppCheck released a Security Advisory to alert users of a vulnerability within the Umbraco Forms component that could be exploited to gain remote code execution on the affected system.

AppCheck & The OWASP Top 10 Privacy Risks

Research / Posted August 24, 2021

The OWASP Top 10 Privacy Risks list is an attempt to curate a completely neutral set of prioritised privacy risks for businesses to consider, as well as a recommended set of countermeasures for businesses to deploy against the occurrence of those risks.

Features Review: GoScript and Card Skimmers

Product / Posted August 17, 2021

AppCheck has many features and is constantly being updated. Here we look at just two, authenticated scanning and card-skimming.

AppCheck Web Application Security Seminar - September 2021

Events / Posted August 16, 2021

The Web Application Security seminar is a free event that presents a detailed analysis of the most common threats facing web applications today. We will review high profile examples and provide a technical breakdown of critical security flaws along with an introduction into emerging technologies.

When Encryption Goes Bad

Research / Posted August 13, 2021

Customers new to the AppCheck platform can often be surprised at the number of vulnerabilities that AppCheck highlights relating to transport encryption offered on their services – unencrypted (plaintext) services, web applications with vulnerable cipher suites, encryption libraries containing exploitable flaws, registration forms that email users passwords in clear text. The list of checks that AppCheck performs is extensive, and on a website that has not previously been covered by regular vulnerability scanning, the extent of encryption issues can be surprising

Webinar: The Great Database Heist: Where'd all my Data Just Go!?

Events / Posted August 09, 2021

Databases are fantastic - providing a standardised interface for creating, updating, reading and deleting data from a backend system. They can be optimised to efficiently service your applications data storage and retrieval requirements, allowing it to scale effortlessly… and, via common pitfalls in their use, they can give a hacker access to all your data too.

AppCheck Security Blog

Start your free trial