AppCheck Security Blog

Reflecting on AppCheck: Stephen Gierke

We have taken on lots of new starters at AppCheck across all departments as we continue to enjoy a period of expansion. We sit down with Stephen Gierke, one of our Account Managers, and ask him about what it's like to work for AppCheck.

read more

Reflecting on AppCheck: Stephen Gierke

We have taken on lots of new starters at AppCheck across all departments as we continue to enjoy a period of expansion. We sit down with Stephen Gierke, one of our Account Managers, and ask him about what it's like to work for AppCheck.

Read more

How to choose your DAST Tool

There are a few things you should look for in a DAST tool, some that are universally recommended, and some the utility of which may depend on your organisation and its unique operating environment. Some of the features that AppCheck believes are most important to be included in your new DAST tool are outlined in this article.

Read more

Umbraco ApplicationURL Overwrite & Persistent Password Reset Poison (CVE-2022-22690 & CVE-2022-22691)

Read more

A Christmas Poem - from AppCheck

Our technical team was feeling extremely festive...so we asked them to write a poem

Read more

Apache Log4j 2 Vulnerability (CVE-2021-44228)

A remote code execution vulnerability (CVE-2021-44228) is affecting multiple versions of the Apache Log4j 2 library.

Read more

Webinar: All I Want For Christmas Is Auth!

This webinar hopes to build up an understanding of authentication vulnerabilities, working from the most basic to more intricate scenarios, sparing no detail whilst remaining accessible to non-technical audiences. Straight from the stage of Digital Transformation Expo, this webinar has received some excellent feedback and is not one to be missed.

Read more

DNS Rebinding Attacks

A successful exploit of a DNS rebinding attack turns a victim’s browser into a proxy for attacking screened devices on the user’s private network, which are not exposed to the public internet. Rather than being a “standalone” vulnerability, it is typically used to enable further, onward attacks against devices that an individual or organisation may believe are inaccessible to attackers. DNS rebinding attacks aren’t as well known of or understood by organisations in the same way as household-name exploits such as “XSS”, and so many organisations may not have explicit protection measures in place.

Read more

Session Puzzling Attacks (a.k.a. “Session Variable Overloading”)

In this article we’re going to take a look at so-called “Session Puzzling Attacks.” So in this article we’re going to step through a full explanation of typical session handling mechanisms, how the vulnerability can arise within them, and how to prevent vulnerabilities of this class.

Read more

Reflecting on AppCheck - Dylan Marriott

We have taken on lots of new starters at AppCheck across all departments as we continue to enjoy a period of expansion. We sit down with Dylan Marriott, our Application Support Engineer, and ask him how his first few months with AppCheck have gone.

Read more

AppCheck joins Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).

We are delighted to announce that we have become the latest vendor to be authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).

Read more