AppCheck Security Blog

Webinar: XSS-Mas! …and a Hijacked New Year!

Cross-Site Scripting (XSS) is by far the most widespread high impact vulnerability, present even in the best of web applications, regardless of the framework or programming language employed - a burly steadfast member of the OWASP Top Ten.

read more

Webinar: XSS-Mas! …and a Hijacked New Year!

Cross-Site Scripting (XSS) is by far the most widespread high impact vulnerability, present even in the best of web applications, regardless of the framework or programming language employed - a burly steadfast member of the OWASP Top Ten.

Read more

Template Injection: JsRender/JsViews

In this blog post we will explore Template Injection attacks against the JsReder/JsViews library.

Read more

External Entity Injection (XXE)

An XML (Extensible Markup Language) External Entity or XXE attack occurs when an attacker is able to exploit the application's processing of XML data by injecting malicious entities.

Read more

Introduction to... Deserialisation Vulnerabilities

Deserialisation vulnerabilities were introduced to the OWASP Top 10 in 2017, nudging out Cross-Site Request Forgery (CSRF), based on the increasing prevalence and impact of deserialisation attacks reported in an industry survey. But what are deserialisation vulnerabilities, how do they occur, why did the threat from them suddenly increase in recent years, and what can be done to protect your organisation from this vulnerability?

Read more

Tales of Terror [Readers Beware]

Read more

Server-Side Request Forgery (SSRF) & the Cloud Resurgence

So what exactly is SSRF? How does it work, why is it more prevalent in 2020, and how can we protect against it?

Read more

Web App Security: Why So Hard?

Action... Mystery... Intrigue...
What does AppCheck's latest have in store? Click for more...

Read more

A COVID Christmas: Protecting Your Critical Ecommerce Assets

In this article we will address the current situation, how hackers can exploit your websites, what you can do to protect yourself and where AppCheck comes in as an automated penetration testing tool to make sure you’re not leaving yourself vulnerable.

Read more

Webinar: Why Web Application Security Should be Job Number One

We will provide a high-level overview of why web app security is important with case studies into recent hacks before looking at how you as a business can help mitigate these attacks with practical advice.

Read more

WebSocket Security - Cross-Site Hijacking (CSWSH)

In this article we are going to take a look at one of the newer technologies used in modern web applications, the “WebSockets” that were standardized by the Internet Engineering Task Force (IETF) in 2011.

Read more