AppCheck Security Blog

Deep Dive: HTTP Parameter Pollution

In this blog post, we investigate how and why HTTP parameter pollution is possible at all, how it can potentially be exploited to undermine web application security, and how it can be guarded against by developers, system architects and others.

Web API Vulnerability Scanning

Application Programming Interfaces (APIs) have existed for decades. However, they have recently seen a significant expansion in usage, from their traditional role in areas such as Business to Business (B2B) or partner integrations into several new areas.

OWASP API Security Top 10

The OWASP Foundation, well-known for publishing a regular “Top 10” of web application security risks, recently published an “API Security Top 10”. It hasn’t received the same attention as its better-known sibling to date, but we’ll take a look at the vulnerabilities presented, and how you can best address them within your organisation’s API development.

An Introduction to Infrastructure Vulnerability Scanning

In this blog post we take a step back and provide a high-level introduction to infrastructure vulnerability scanning: what it covers, what it aims to achieve, and how it contrasts to other vulnerability scanning methodologies and techniques.

Cryptojacking

In this blog post, we examine what cryptocurrency is, how it works, and how its fundamental principles of operation can encourage the illicit activity known as cryptojacking. We also investigate the scale of the problem to date, and how it can best be guarded against, as well as detected should it occur.

Brute Force Attacks

Brute force attacks are those that rely purely on exhaustive effort rather than on any sophisticated technique. They are used by attackers in several areas of cybersecurity, including against encryption and authentication systems. We look at the different types of brute force attacks and the ways in which they can be avoided.

Filepath Manipulation

In this blog post, we look at how filepath manipulation can occur at a technical level, at how attackers may seek to exploit such vulnerabilities, and at how developers and system administrators within an organisation can best guard against falling victim to such exploits.

Cookie Security

In this blog post we will review what cookies are, why cookies are needed at all, how cookies work, the weaknesses that cookies can be prone to both inherently as well as if implemented incorrectly, and how both website operators and general web users can help to ensure their secure implementation and usage.

DNN CMS Server-Side Request Forgery (CVE-2021-40186)

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow an attacker to coerce the target system into making network requests on their behalf, enabling a range of possible attacks. In the most common scenario, the attacker uses SSRF to reach systems behind the firewall and to read sensitive information from cloud provider metadata services.
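The following is an added example and not code from AppCheck or from the DNN platform: it shows the kind of outbound-URL guard that blocks the cloud-metadata scenario described above, where a server-side fetch is steered at an internal address such as the link-local metadata endpoint. The allow-listed hostnames, the IP addresses and the `check_outbound_url` function are assumptions made for illustration; the `resolver` parameter is injectable so the check can be exercised offline and so the resolved addresses can be pinned for the real connection rather than resolved a second time.

```python
"""Added example (not AppCheck's or DNN's code): an allow-list guard for a
server-side URL fetch, blocking SSRF towards internal hosts and cloud metadata.
Hostnames and addresses below are constructed for illustration."""
import ipaddress
import socket
from urllib.parse import urlparse

# Constructed allow-list of hostnames the application legitimately fetches from.
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}
ALLOWED_SCHEMES = {"http", "https"}


def resolve(hostname):
    """Resolve a hostname to the set of all its IP addresses via system DNS."""
    return {info[4][0] for info in socket.getaddrinfo(hostname, None)}


def is_public_address(addr):
    """True only for globally routable unicast addresses. Loopback, link-local
    (which includes the 169.254.169.254 metadata address), RFC 1918, reserved,
    unspecified and multicast ranges are all rejected."""
    ip = ipaddress.ip_address(addr)
    # An IPv4-mapped IPv6 address (e.g. ::ffff:169.254.169.254) must be judged
    # as the IPv4 address it wraps, otherwise it slips past IPv4 range checks.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def check_outbound_url(url, resolver=resolve):
    """Return (allowed, reason) for a URL the server has been asked to fetch.

    'resolver' is injectable: tests can stub it, and the caller can reuse the
    returned addresses to connect, avoiding a second lookup that a DNS
    rebinding attacker could answer with an internal address."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parsed.hostname  # lower-cased, brackets stripped for IPv6 literals
    if not host:
        return False, "no host"
    if parsed.username or parsed.password:
        # http://images.example.com@169.254.169.254/ fools naive substring checks
        return False, "credentials in URL"
    if host not in ALLOWED_HOSTS:
        return False, "host not on allow-list"
    try:
        addrs = resolver(host)
    except (socket.gaierror, OSError):
        return False, "host does not resolve"
    # Every resolved address must be public; a single internal record is
    # enough for the fetch to land on an internal service.
    bad = [a for a in addrs if not is_public_address(a)]
    if bad:
        return False, "resolves to non-public address %s" % bad[0]
    return True, "ok"


if __name__ == "__main__":
    # Offline demonstration with a constructed resolver table.
    table = {"images.example.com": {"93.184.216.34"},
             "cdn.example.com": {"93.184.216.34", "10.0.0.5"}}
    for candidate in ("https://images.example.com/logo.png",
                      "http://169.254.169.254/latest/meta-data/",
                      "https://cdn.example.com/file",
                      "http://images.example.com@169.254.169.254/"):
        print(candidate, "->", check_outbound_url(candidate, table.__getitem__))
```

Note that the host allow-list is the primary control; the address check is defence in depth against an allow-listed name that resolves (or is rebound) to an internal address, which is why `cdn.example.com` in the demonstration is rejected despite being on the list.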

AppCheck is Shortlisted for the SC Awards Europe 2022

AppCheck has been shortlisted for the Best Vulnerability Management Solution Award at this year's SC Awards Europe.
