AppCheck news & events

AppCheck Webinar: Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) is by far the most widespread high-impact vulnerability, present even in the best of web applications, regardless of the framework or programming language employed - a burly, steadfast member of the OWASP Top Ten.
Here at AppCheck the client-side nature of typical XSS has led to a general underappreciation of its exploitation potential, though a good understanding of the vulnerability and its subtle variations will show how it can be used to devastating effect... and more importantly: how it can be avoided.
In this seminar we will build up piece-by-piece an understanding of XSS that spares no detail.

Read more

Unicode Normalization Vulnerabilities & the Special K Polyglot

Many applications and systems have adopted Unicode as a method of encoding and storing string data. This blog post looks at some of the security flaws that can arise due to Unicode Normalization in modern web applications.

Read more

Case Study - The Royal College of Emergency Medicine

'A major factor in choosing AppCheck was that it quickly shows the areas we need to act on and eliminates the guesswork.' See what The Royal College of Emergency Medicine had to say about us when we sat down and caught up with their IT team.

Read more

8 Tips to Improve IT Security for SMEs

When we think of cyber-attacks our minds often flash to larger corporations and massive data leaks for millions of customers, but these are just the ones we see reported in the news. In fact the Verizon 2019 Data Breach Report found that 43% of breaches involved small business victims.

Cyber-attacks are on the rise, and for most SMEs, trying to get your head around them and protect your business can be a daunting and difficult task. We have compiled a list of 8 steps to help prevent breaches, including practical advice on what to do should a breach occur.

Read more

AppCheck at the IP Expo 2019

We are attending this year’s Digital Transformation Expo down at ExCel London 9-10th October and hope to see you there. Not only do we have a stand located in the heart of the IT Security arena, where we’ll be talking all things web application security, our Head of Research & Development will also be delivering a key talk in the Cyber Hack theatre where he’ll be covering one of the most intriguing topics surrounding web application vulnerabilities.

Read more

ADDITIONAL DATES - Web Application Security Seminar - September 2019

Web Application Security Seminar
Chelsea Football Stadium, London - Friday 6th September 2019 - 10:00am - 4:00pm

A Practical View of the Most Common Threats Facing Web Apps Today
The Web Application Security seminar is a free event that presents a detailed analysis of the most common threats facing web applications today. We will review high profile examples and provide a technical breakdown of critical security flaws along with an introduction into emerging technologies such as HTML5.
Each candidate will receive a copy of the slides and exclusive tools and exploit code used in the live hacking demonstrations.

Read more

British Airways fined £183m following recent cyber attack

Since the introduction of GDPR regulations in May 2018 the possible consequences of hacks have increased with data breaches now potentially leading to large fines.

At the back end of last year British Airways became a target of a cyber attack which compromised the financial data of its customers.
For a period of around 2 weeks hackers exploited the British Airways website undetected, accessing the personal and financial details of customers, believed to be around 400,000. Being able to access names, addresses, credit card numbers, expiry dates and even three-digit CVV codes on the back of the cards gave the hackers everything they needed to make fraudulent payments.

Read more

Amazon S3 Buckets Expose Data of Major Companies

Three AWS S3 Buckets, owned by data management company Attunity, have exposed customer data of some major global companies. This data was found on publicly accessible Amazon S3 Buckets which were not password protected and includes email correspondence, system passwords, sales and marketing contact information, project specifications and employee personal data. The total size of the leak is still unclear.

Read more

AppCheck vs OWASP Top 10

Every few years the OWASP community come together to review the ten most critical web application security risks by analysing vulnerability data spanning hundreds of organisations and over 100,000 real world applications.
These vulnerabilities are assessed using a number of factors such as detectability, exploitability and potential impact to create the final list.
So let’s take a look at what’s included and why AppCheck incorporates these vulnerabilities into its standard scan templates, reporting, dashboards and more…

Read more

New feature announcement: Subdomain takeover audit

AppCheck has released a new detection module available to all customers to scan for subdomain takeover vulnerabilities. 

Read more