AppCheck Security Blog
Featured post
WordPress + Microsoft Office 365 / Azure AD | LOGIN Persistent Cross-Site Scripting
/ Posted October 15, 2021
The “WPO365 | LOGIN” WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS).
read moreFilter by:
WordPress + Microsoft Office 365 / Azure AD | LOGIN Persistent Cross-Site Scripting
Research Security Alerts / Posted October 15, 2021
The “WPO365 | LOGIN” WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS).
Read moreAppCheck Web Application Seminar November 2021 - LONDON
Uncategorized / Posted October 14, 2021
The Web Application Security seminar is a free event that presents a detailed analysis of the most common threats facing web applications today. We will review high profile examples and provide a technical breakdown of critical security flaws along with an introduction into emerging technologies.
Read moreSecarma Automated Testing Podcast - Nick Blundell
Research / Posted October 13, 2021
In this episode, Nick Blundell – Head of R&D at AppCheck speaks with Holly Grace Williams from Secarma about the pros and cons of vulnerability scanning, how hackers can enter weak systems and the need for a blended approach.
Read moreApache 2.4.50 (CVE-2021-42013) & 2.4.49 (CVE-2021-41773) Remote Code Execution / Path Traversal Vulnerability
Security Alerts / Posted October 06, 2021
A previous version of this article recommended updating to 2.4.50 to address the vulnerability in 2.4.49, however the fix in 2.4.50 has been now been shown to be incomplete therefore it is recommended to update to 2.4.51.
Read moreReflecting on AppCheck: Taylor-Mae Nash
News / Posted October 05, 2021
We have taken on lots of new starters at AppCheck across all departments as we continue to enjoy a period of expansion. We sit down with Taylor-Mae, our Client Services Executive, and ask her how her first few months with AppCheck have gone.
Read moreOWASP Top 10 2021 Web Application Security Risks
Product / Posted September 24, 2021
Every few years the OWASP community come together to review the ten most critical web application security risks (commonly known simply as the “OWASP Top 10”) by analysing vulnerability data spanning hundreds of organisations and over 100,000 real world applications. This process was most recently performed in 2021 and a new, updated top 10 list published.
Read moreSecurity Advisory: Persistent XSS via Avatar Upload in Kentico CMS
Security Alerts / Posted September 17, 2021
The Kentico CMS (13.0.4001.0 Xperience platform version tested locally) is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS).
Read moreReflecting on AppCheck: Chris McGreavy
News / Posted September 10, 2021
We spoke to Chris McGreavy, our Service Delivery Lead about his first few months here at AppCheck
Read moreAppCheck & the OWASP Penetration Testing Checklist
Research / Posted September 03, 2021
The OWASP Penetration Testing Checklist is aimed at delivering a baseline standard against which potential vendor solutions can be assessed to ensure that a prospective web application security testing provider delivers a service that is sufficient
Read moreUmbraco Forms File Upload Vulnerability: Technical Analysis (CVE-2021-37334)
Research Security Alerts / Posted August 25, 2021
On the 15th of July 2021 Umbraco and AppCheck released a Security Advisory to alert users of a vulnerability within the Umbraco Forms component that could be exploited to gain remote code execution on the affected system.
Read more