AppCheck Security Blog

OWASP Top 10 2021 Web Application Security Risks

Every few years the OWASP community come together to review the ten most critical web application security risks (commonly known simply as the “OWASP Top 10”) by analysing vulnerability data spanning hundreds of organisations and over 100,000 real-world applications. This process was most recently performed in 2021 and a new, updated top 10 list was published.

Security Advisory: Persistent XSS via Avatar Upload in Kentico CMS

The Kentico CMS (13.0.4001.0 Xperience platform version tested locally) is affected by a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS).

Reflecting on AppCheck: Chris McGreavy

We spoke to Chris McGreavy, our Service Delivery Lead, about his first few months here at AppCheck.

AppCheck & the OWASP Penetration Testing Checklist

The OWASP Penetration Testing Checklist is aimed at delivering a baseline standard against which potential vendor solutions can be assessed to ensure that a prospective web application security testing provider delivers a service that is sufficient

Umbraco Forms File Upload Vulnerability: Technical Analysis (CVE-2021-37334)

On the 15th of July 2021 Umbraco and AppCheck released a Security Advisory to alert users of a vulnerability within the Umbraco Forms component that could be exploited to gain remote code execution on the affected system.

AppCheck & The OWASP Top 10 Privacy Risks

The OWASP Top 10 Privacy Risks list is an attempt to curate a completely neutral set of prioritised privacy risks for businesses to consider, as well as a recommended set of countermeasures for businesses to deploy against the occurrence of those risks.

Features Review: GoScript and Card Skimmers

AppCheck has many features and is constantly being updated. Here we look at just two, authenticated scanning and card-skimming.

AppCheck Web Application Security Seminar - September 2021

The Web Application Security seminar is a free event that presents a detailed analysis of the most common threats facing web applications today. We will review high-profile examples and provide a technical breakdown of critical security flaws along with an introduction to emerging technologies.

When Encryption Goes Bad

Customers new to the AppCheck platform can often be surprised at the number of vulnerabilities that AppCheck highlights relating to transport encryption offered on their services – unencrypted (plaintext) services, web applications with vulnerable cipher suites, encryption libraries containing exploitable flaws, registration forms that email users' passwords in clear text. The list of checks that AppCheck performs is extensive, and on a website that has not previously been covered by regular vulnerability scanning, the extent of encryption issues can be surprising.

Webinar: The Great Database Heist: Where'd all my Data Just Go!?

Databases are fantastic - providing a standardised interface for creating, updating, reading and deleting data from a backend system. They can be optimised to efficiently service your application's data storage and retrieval requirements, allowing it to scale effortlessly… and, via common pitfalls in their use, they can give a hacker access to all your data too.
