AppCheck Security Blog
Featured post
Webinar: The Great Database Heist: Where’d all my Data Just go!?
/ Posted January 12, 2021
We will explore how such common OWASP Top 10 vulnerabilities arise, looking at SQL and NoSQL injection attacks and exploits, and importantly at how to avoid them, sparing no detail whilst being accessible also at a non-technical level.
read moreFilter by:
Webinar: The Great Database Heist: Where’d all my Data Just go!?
Events / Posted January 12, 2021
We will explore how such common OWASP Top 10 vulnerabilities arise, looking at SQL and NoSQL injection attacks and exploits, and importantly at how to avoid them, sparing no detail whilst being accessible also at a non-technical level.
Read moreBeyond the OWASP Top 10 – “Chicken Bits”, Pollution & Greedy Matches
Research / Posted December 16, 2020
In this article we go boldly beyond the OWASP Top 10 to review a few critical, interesting or just plain bizarre vulnerabilities not included in OWASP Top 10 and see how they could impact you.
Read moreWhat to expect from your free vulnerability scan
Product / Posted December 04, 2020
In this article, we’re going to look at what a vulnerability scan is, how it can help to protect your organisation, and how AppCheck will work with you to deliver a free trial scan of your own websites, networks and infrastructure to demonstrate these benefits.
Read moreWebinar: XSS-Mas! …and a Hijacked New Year!
Events / Posted December 04, 2020
Cross-Site Scripting (XSS) is by far the most widespread high impact vulnerability, present even in the best of web applications, regardless of the framework or programming language employed - a burly steadfast member of the OWASP Top Ten.
Read moreTemplate Injection: JsRender/JsViews
Research / Posted December 01, 2020
In this blog post we will explore Template Injection attacks against the JsReder/JsViews library.
Read moreExternal Entity Injection (XXE)
Research / Posted November 26, 2020
An XML (Extensible Markup Language) External Entity or XXE attack occurs when an attacker is able to exploit the application's processing of XML data by injecting malicious entities.
Read moreIntroduction to... Deserialisation Vulnerabilities
Research / Posted November 10, 2020
Deserialisation vulnerabilities were introduced to the OWASP Top 10 in 2017, nudging out Cross-Site Request Forgery (CSRF), based on the increasing prevalence and impact of deserialisation attacks reported in an industry survey. But what are deserialisation vulnerabilities, how do they occur, why did the threat from them suddenly increase in recent years, and what can be done to protect your organisation from this vulnerability?
Read moreTales of Terror [Readers Beware]
News / Posted October 30, 2020
Server-Side Request Forgery (SSRF) & the Cloud Resurgence
Research / Posted October 20, 2020
So what exactly is SSRF? How does it work, why is it more prevalent in 2020, and how can we protect against it?
Read moreWeb App Security: Why So Hard?
Events / Posted October 16, 2020
Action... Mystery... Intrigue...
What does AppCheck's latest have in store? Click for more...