Research / Posted July 28, 2022
In this blog post, we investigate how and why HTTP parameter pollution is possible at all, how it can potentially be exploited to undermine web application security, and how it can be guarded against by developers, system architects and others.
General / Posted July 22, 2022
Application Programming Interfaces or APIs have existed for decades. However, they have recently seen a significant expansion in usage from their traditional use within areas such as Business to Business (B2B) or partner integrations into several new areas.
Uncategorized / Posted July 20, 2022
The OWASP Foundation, well-known for publishing a regular “Top 10” of web application security risks, recently published an “API Security Top 10”. It hasn’t received the same attention as its better-known sibling to date, but we’ll take a look at the vulnerabilities presented, and how you can best address them within your organisation’s API development.
General / Posted July 12, 2022
In this blog post we take a step back and provide a high-level introduction to infrastructure vulnerability scanning: what it covers, what it aims to achieve, and how it contrasts to other vulnerability scanning methodologies and techniques.
Research / Posted July 01, 2022
In this blog post, we examine what cryptocurrency is, how it works, and how its fundamental principles of operation can encourage the illicit activity known as cryptojacking. We also investigate the scale of the problem to date, and how it can best be guarded against, as well as detected should it occur.
Research / Posted June 28, 2022
Brute force attacks are attacks that rely purely on exhaustive effort rather than on sophisticated techniques. They are used by attackers in several cybersecurity spheres, including against encryption and authentication systems. We look at the different types of brute force attacks and the ways in which they can be avoided.
Research / Posted June 08, 2022
In this blog post, we look at how filepath manipulation can occur at a technical level, at how attackers may seek to exploit such vulnerabilities, and at how developers and system administrators within an organisation can best guard against falling victim to such exploits.
Research / Posted June 01, 2022
In this blog post we will review what cookies are, why cookies are needed at all, how cookies work, the weaknesses that cookies can be prone to both inherently as well as if implemented incorrectly, and how both website operators and general web users can help to ensure their secure implementation and usage.
Research, Security Alerts / Posted May 26, 2022
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services.
News / Posted May 19, 2022
AppCheck has been shortlisted for the Best Vulnerability Management Solution Award at this year's SC Awards Europe.