AppCheck Security Blog
Featured post
vBulletin Zero Day Vulnerability Released by Anonymous Source
/ Posted September 25, 2019
AppCheck's Head of Development states: "We have confirmed the exploit does work and is an unauthenticated RCE that attackers can exploit. Depending on the user level they access this could range from simply accessing data, editing it or even full system takeover. Earlier today we have included a plug-in for our customers to identify and safely exploit this vulnerability."
read moreFilter by:
vBulletin Zero Day Vulnerability Released by Anonymous Source
News Security Alerts / Posted September 25, 2019
AppCheck's Head of Development states: "We have confirmed the exploit does work and is an unauthenticated RCE that attackers can exploit. Depending on the user level they access this could range from simply accessing data, editing it or even full system takeover. Earlier today we have included a plug-in for our customers to identify and safely exploit this vulnerability."
Read moreWeb Application Security Seminar - November 2019
Events / Posted September 20, 2019
Web Application Security Seminar
A Practical View of the Most Common Threats Facing Web Apps Today
The Web Application Security seminar is a free event that presents a detailed analysis of the most common threats facing web applications today. We will review high profile examples and provide a technical breakdown of critical security flaws along with an introduction into emerging technologies such as HTML5.
Each candidate will receive a copy of the slides and exclusive tools and exploit code used in the live hacking demonstrations.
What is SDLC? Software Development Life Cycle Explained
Research / Posted September 19, 2019
The managed and coordinated development of software is typically modelled using something known as the Software Development Life Cycle. Although exact processes will vary between companies – and sometimes between teams within a company – the SDLC model divides the process of software development work into universal and distinct high-level phases.
Read moreCase Study - Leeds Credit Union
Case Studies / Posted September 18, 2019
We always like it when companies take proactive steps towards IT security – even better when they are based in Leeds and we get to support a local business.
See what Leeds Credit Union had to say about us when we sat down and caught up with their IT team.
Read moreData Breach Report: 17 Million Ecuador Citizen's Personal Data Leaked
News / Posted September 17, 2019
A recent data leak discovered by vpnMentor security researchers and reported by The Register includes most of Ecuador’s 16.6 million population including 6.7 million children.
The size of the data leak actually totals around 20.8 million user records once duplicate records and even records of deceased persons are factored in.
Most of the data appears to have come from the Ecuadorian government's civil registry and included personal data to the effect of full names, dates of birth, address details, national identification numbers, marital status, phone numbers, education levels and even bank details such as current balances.
AppCheck Webinar: Cross-Site Scripting (XSS)
News / Posted September 03, 2019
Cross-Site Scripting (XSS) is by far the most widespread high impact vulnerability, present even in the best of web applications, regardless of the framework or programming language employed - a burly steadfast member of the OWASP Top Ten.
Here at AppCheck the client-side nature of typical XSS has led to a general underappreciation of its exploitation potential, though a good understanding of the vulnerability and its subtle variations will show how it can be used to devastating effect... and more importantly: how it can be avoided.
In this seminar we will build up piece-by-piece an understanding of XSS that spares no detail.
Unicode Normalization Vulnerabilities & the Special K Polyglot
Research / Posted September 02, 2019
Many applications and systems have adopted Unicode as a method of encoding and storing string data. This blog post looks at some of the security flaws that can arise due to Unicode Normalization in modern web applications.
Read moreCase Study - The Royal College of Emergency Medicine
Case Studies / Posted August 28, 2019
'A major factor in choosing AppCheck was that it quickly shows the areas we need to act on and eliminates the guesswork.' See what The Royal College of Emergency Medicine had to say about us when we sat down and caught up with their IT team.
Read more8 Tips to Improve IT Security for SMEs
News / Posted August 08, 2019
When we think of cyber-attacks our minds often flash to larger corporations and massive data leaks for millions of customers, but these are just the ones we see reported in the news. In fact the Verizon 2019 Data Breach Report found that 43% of breaches involved small business victims.
Cyber-attacks are on the rise and for most SMEs trying to get your head around them and protect your business can be a daunting and difficult task. We have complied a list of 8 steps to help prevent breaches including practical advice on what to do should a breach occur.
Read moreAppCheck at the IP Expo 2019
Events / Posted August 02, 2019
We are attending this year’s Digital Transformation Expo down at ExCel London 9-10th October and hope to see you there. Not only do we have a stand located in the heart of the IT Security arena, where we’ll be talking all things web application security, our Head of Research & Development will also be delivering a key talk in the Cyber Hack theatre where he’ll be covering one of the most intriguing topics surrounding web application vulnerabilities.
Read more