AppCheck Security Blog
Featured post
A Christmas Poem - from AppCheck
/ Posted December 21, 2021
Our technical team was feeling extremely festive...so we asked them to write a poem
read moreFilter by:
A Christmas Poem - from AppCheck
News / Posted December 21, 2021
Our technical team was feeling extremely festive...so we asked them to write a poem
Read moreApache Log4j 2 Vulnerability (CVE-2021-44228)
Security Alerts / Posted December 13, 2021
A remote code execution vulnerability (CVE-2021-44228) is affecting multiple versions of the Apache Log4j 2 library.
Read moreWebinar: All I Want For Christmas Is Auth!
Events / Posted December 08, 2021
This webinar hopes to build up an understanding of authentication vulnerabilities, working from the most basic to more intricate scenarios, sparing no detail whilst remaining accessible to non-technical audiences. Straight from the stage of Digital Transformation Expo, this webinar has received some excellent feedback and is not one to be missed.
Read moreDNS Rebinding Attacks
Research / Posted December 01, 2021
A successful exploit of a DNS rebinding attack turns a victim’s browser into a proxy for attacking screened devices on the user’s private network, which are not exposed to the public internet. Rather than being a “standalone” vulnerability, it is typically used to enable further, onward attacks against devices that an individual or organisation may believe are inaccessible to attackers. DNS rebinding attacks aren’t as well known of or understood by organisations in the same way as household-name exploits such as “XSS”, and so many organisations may not have explicit protection measures in place.
Read moreSession Puzzling Attacks (a.k.a. “Session Variable Overloading”)
Research / Posted November 23, 2021
In this article we’re going to take a look at so-called “Session Puzzling Attacks.” So in this article we’re going to step through a full explanation of typical session handling mechanisms, how the vulnerability can arise within them, and how to prevent vulnerabilities of this class.
Read moreReflecting on AppCheck - Dylan Marriott
News / Posted November 04, 2021
We have taken on lots of new starters at AppCheck across all departments as we continue to enjoy a period of expansion. We sit down with Dylan Marriott, our Application Support Engineer, and ask him how his first few months with AppCheck have gone.
Read moreAppCheck joins Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).
News / Posted November 03, 2021
We are delighted to announce that we have become the latest vendor to be authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).
Read moreHalloween Cyber Security Quiz
News / Posted October 29, 2021
This year, we have prepared some cyber security quizzes to protect you from the evil that lurks.
One quiz is filled with nasty questions which will rack your brain, the other filled with treats to delight you. The question is... which is which?
BYOD & The Internet of Things
Research / Posted October 27, 2021
“BYOD” and the “Internet of Things” are two growing areas of security concern for organisations, linked conceptually by the commoditisation of information processing hardware.
Read moreSecurity Advisory: Duplicate Post WordPress Plugin SQL Injection Vulnerability (CVE-2021-43408)
Security Alerts / Posted October 25, 2021
The AppCheck Research team identified a security flaw within the “Duplicate Post” WordPress plugin. The plugin has been downloaded 155,421 times at the time of writing. This blog post details the finding along with remediation advice.
Read more