AppCheck Security Blog
Featured post
Broken Access Control
/ Posted February 28, 2022
There are many different scenarios in which access control may be broken (which we look into in more detail within) but in general an access control failure is any misconfiguration or flaw within the application such that records or resources are not properly protected as designed in terms of their CIA requirements.
read moreFilter by:
Broken Access Control
Research / Posted February 28, 2022
There are many different scenarios in which access control may be broken (which we look into in more detail within) but in general an access control failure is any misconfiguration or flaw within the application such that records or resources are not properly protected as designed in terms of their CIA requirements.
Read moreZero Day Vulnerabilities Explained
Research / Posted February 23, 2022
A “zero day” is a loose term for a recently discovered vulnerability and often associated exploit that overturns the above model, i.e. where a vulnerability has been uncovered but rather than being reported to the vendor is being actively exploited (or attempting to be exploited) by malicious parties - before a patch is released and/or implemented – and often before a vendor or its customers are even aware that the vulnerability in question exists.
Read moreWeb Application Security Seminar - Manchester 25th March
Events / Posted February 07, 2022
A Practical View of the Most Common Threats Facing Web Apps Today
Read moreReflecting on AppCheck: Stephen Gierke
News / Posted January 26, 2022
We have taken on lots of new starters at AppCheck across all departments as we continue to enjoy a period of expansion. We sit down with Stephen Gierke, one of our Account Managers, and ask him about what it's like to work for AppCheck.
Read moreHow to choose your DAST Tool
Research / Posted January 20, 2022
There are a few things you should look for in a DAST tool, some that are universally recommended, and some the utility of which may depend on your organisation and its unique operating environment. Some of the features that AppCheck believes are most important to be included in your new DAST tool are outlined in this article.
Read moreUmbraco ApplicationURL Overwrite & Persistent Password Reset Poison (CVE-2022-22690 & CVE-2022-22691)
Research Security Alerts / Posted January 18, 2022
A Christmas Poem - from AppCheck
News / Posted December 21, 2021
Our technical team was feeling extremely festive...so we asked them to write a poem
Read moreApache Log4j 2 Vulnerability (CVE-2021-44228)
Security Alerts / Posted December 13, 2021
A remote code execution vulnerability (CVE-2021-44228) is affecting multiple versions of the Apache Log4j 2 library.
Read moreWebinar: All I Want For Christmas Is Auth!
Events / Posted December 08, 2021
This webinar hopes to build up an understanding of authentication vulnerabilities, working from the most basic to more intricate scenarios, sparing no detail whilst remaining accessible to non-technical audiences. Straight from the stage of Digital Transformation Expo, this webinar has received some excellent feedback and is not one to be missed.
Read moreDNS Rebinding Attacks
Research / Posted December 01, 2021
A successful exploit of a DNS rebinding attack turns a victim’s browser into a proxy for attacking screened devices on the user’s private network, which are not exposed to the public internet. Rather than being a “standalone” vulnerability, it is typically used to enable further, onward attacks against devices that an individual or organisation may believe are inaccessible to attackers. DNS rebinding attacks aren’t as well known of or understood by organisations in the same way as household-name exploits such as “XSS”, and so many organisations may not have explicit protection measures in place.
Read more