AppCheck Security Blog

As app development becomes more complex and incorporates more features than ever, it is critical to make sure security testing is embedded in your security development life cycle. The appetite for faster release cycles has never been greater, but even if your organisation is rushing to production, code needs to be secure before it is deployed.

The AppCheck research team identified a security flaw (CVE-2018-2505) within SAP Hybris affecting many large online retailers. The security flaw was due to an insecure JavaScript library that allows malicious JavaScript to be injected into a user’s session with the affected Hybris application.

As we probably all know, information security is a broad subject and for many of us understanding the different layers that can help within this spectrum can be at times difficult. In this blog we will look at the risk and what you as a business could do about it!

There is no doubt that the GDPR is serious business. AppCheck has noticed a significant shift in focus by company executives, taking a much more active interest in security matters since the GDPR, and specifically the fines were introduced. Naturally, with that comes a never-ending list of vendors claiming to solve the GDPR problem. In truth, no one product or service can achieve compliance, rather the GDPR requires a strategy that includes a thorough understanding of your responsibilities, exposure and requirements to demonstrate compliance with the six principals of the GDPR.

Browser based Crypto-Mining malware has made a dramatic resurgence in 2018 hitting the headlines on several occasions over the past month. Most recently, two major campaigns affecting thousands were reported by The Register with those affected ranging from YouTube to the UK’s Information Commissioner’s Office.