AppCheck Security Blog
Featured post
AppCheck at the IP Expo 2019
/ Posted August 02, 2019
We are attending this year’s Digital Transformation Expo down at ExCel London 9-10th October and hope to see you there. Not only do we have a stand located in the heart of the IT Security arena, where we’ll be talking all things web application security, our Head of Research & Development will also be delivering a key talk in the Cyber Hack theatre where he’ll be covering one of the most intriguing topics surrounding web application vulnerabilities.
read moreFilter by:
AppCheck at the IP Expo 2019
Events / Posted August 02, 2019
We are attending this year’s Digital Transformation Expo down at ExCel London 9-10th October and hope to see you there. Not only do we have a stand located in the heart of the IT Security arena, where we’ll be talking all things web application security, our Head of Research & Development will also be delivering a key talk in the Cyber Hack theatre where he’ll be covering one of the most intriguing topics surrounding web application vulnerabilities.
Read moreADDITIONAL DATES - Web Application Security Seminar - September 2019
Events / Posted July 16, 2019
Web Application Security Seminar
Chelsea Football Stadium, London - Friday 6th September 2019 - 10:00am- 4:00pm
A Practical View of the Most Common Threats Facing Web Apps Today
The Web Application Security seminar is a free event that presents a detailed analysis of the most common threats facing web applications today. We will review high profile examples and provide a technical breakdown of critical security flaws along with an introduction into emerging technologies such as HTML5.
Each candidate will receive a copy of the slides and exclusive tools and exploit code used in the live hacking demonstrations.
British Airways fined £183m following recent cyber attack
News / Posted July 08, 2019
Since the introduction of GDPR regulations in May 2018 the possible consequences of hacks have increased with data breaches now potentially leading to large fines.
At the back end of last year British Airways became a target of a cyber attack which compromised the financial data of it’s customers.
For a period of around 2 weeks hackers exploited the British Airlines website undetected, being able to access personal and financial details of customers, believed to be around 400,000. Being able to access names, addresses, credit card numbers, expiry dates and even three-digit CVV codes on the back of the cards gave the hackers everything they needed to make fraudulent payments.
Amazon S3 Buckets Expose Data of Major Companies
News / Posted July 01, 2019
Three AWS S3 Buckets, owned by data management company Attunity, have exposed customer data of some major global companies. This data was found on publicly accessibly Amazon S3 Buckets which were not password protected and includes email correspondence, system passwords, sales and marketing contact information, project specifications and employee personal data. The total size of the leak is still unclear.
Read moreAppCheck vs OWASP Top 10 Vulnerabilities
Product / Posted June 26, 2019
Every few years the OWASP community come together to review the ten most critical web application security risks by analysing vulnerability data spanning hundreds of organisations and over 100,000 real world applications.
These vulnerabilities are assessed using a number of factors such as detectability, exploitability and potential impact to create the final list.
So let’s take a look at what’s included and why AppCheck incorporates these vulnerabilities into it’s standard scan templates, reporting, dashboards and more…
New feature announcement: Subdomain takeover audit
Product Research Security Alerts / Posted June 18, 2019
AppCheck has released a new detection module available to all customers to scan for subdomain takeover vulnerabilities.
Read moreWeb Application Security Seminar - July 2019
Events / Posted May 16, 2019
Web Application Security Seminar
Chelsea Football Stadium, London – Friday 26th July 2019 - 9.30am- 4:30pm
A Practical View of the Most Common Threats Facing Web Apps Today
The Web Application Security seminar is a free event that presents a detailed analysis of the most common threats facing web applications today. We will review high profile examples and provide a technical breakdown of critical security flaws along with an introduction into emerging technologies such as HTML5.
Each candidate will receive a copy of the slides and exclusive tools and exploit code used in the live hacking demonstrations.
Is Your Development Life Cycle Truly Secure?
News / Posted May 11, 2019
As app development becomes more complex and incorporates more features than ever, it is critical to make sure security testing is embedded in your security development life cycle. The appetite for faster release cycles has never been greater, but even if your organisation is rushing to production, code needs to be secure before it is deployed.
Read moreSAP Hybris Commerce CVE-2018-2505 Vulnerability Discovered
News Research Security Alerts / Posted March 18, 2019
The AppCheck research team identified a security flaw (CVE-2018-2505) within SAP Hybris affecting many large online retailers. The security flaw was due to an insecure JavaScript library that allows malicious JavaScript to be injected into a user’s session with the affected Hybris application.
Read moreScan & Secure WordPress with AppCheck
Product / Posted December 21, 2018
WordPress is the worlds leading Content Management System (CMS) accounting for approximately 27% of all websites on the Internet. As such, WordPress is a common target for malicious attackers and malware authors aiming to propagate malicious software by compromising websites.
Almost all studies into the most commonly compromised CMS based websites list WordPress as the biggest offender, with one study citing 78% of CMS hacks attributed to WordPress.
Read more