AppCheck Security Blog

An Introduction to Web Shells

A web shell is a web-based implementation of the shell concept. There’s plenty of legitimate examples where a web shell might be useful functionality – for example to provide an administrative web GUI to an appliance such as a firewall, but for the purposes of this article we will consider malicious web shells - scripts that can be uploaded by an attacker to a web server to enable remote administration of the machine unknown to the system’s proper owner.

read more

An Introduction to Web Shells

A web shell is a web-based implementation of the shell concept. There’s plenty of legitimate examples where a web shell might be useful functionality – for example to provide an administrative web GUI to an appliance such as a firewall, but for the purposes of this article we will consider malicious web shells - scripts that can be uploaded by an attacker to a web server to enable remote administration of the machine unknown to the system’s proper owner.

Read more

Injection Attacks: An Introduction

Read more

Hacks by URL: Devastating and Criminally Simple

Having presented this popular session at the Digital Transformation Expo and the Cloud & Cyber Security Expo with overwhelming success, we have decided to provide this as a condensed webinar for those not able to attend.

Read more

In the current climate would you benefit from a free IT Security Test?

Take a no obligation, no hassle, complimentary automated penetration test with AppCheck and let our internal consultants provide you a thorough CVSS security report detailing our findings and recommended remediation. Our goal to uncover all High, Medium and Low risk vulnerabilities, including the OWASP TOP 10.

Read more

What is Cross-Site Scripting and how to prevent it

Cross-Site Scripting or “XSS” is one of the most common vulnerabilities found in web applications. XSS made up nearly 40 per cent of all attacks logged by security researchers in recent years, who also noted that almost 75 per cent of large companies across Europe had been targeted over the last year.

Read more

COVID-19 Update

During this time of uncertainty around the impacts related to COVID-19 we would like to reassure our customers, partners and employees that we anticipate minimal disruption to services and that staff well-being and helping keep customers secure remains our top priority.

Read more

An Introduction to SQL Injection (SQLi)

Injection attacks are the most common type of fault found in web applications, they are usually the result of unfiltered user input being directly included into command executions or database queries.

Read more

Web cache poisoning explained

A cache in computing is a temporary store of any content that has been retrieved from its original (master) source. Caches are typically used so that the data can be served faster the next time it is requested, since it needs only be retrieved from the local cache rather than the original source. The problem from a security point of view is that any response that is successfully cached will by design be stored and served to other users, and in some circumstances this can lead to problems.

Read more

Webinar: Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) is by far the most widespread high impact vulnerability, present even in the best of web applications, regardless of the framework or programming language employed - a burly steadfast member of the OWASP Top Ten.
Here at AppCheck the client-side nature of typical XSS has led to a general underappreciation of its exploitation potential, though a good understanding of the vulnerability and its subtle variations will show how it can be used to devastating effect... and more importantly: how it can be avoided.
In this seminar we will build up piece-by-piece an understanding of XSS that spares no detail.

Read more

AppCheck Vulnerability Scanner Release Notes - 03.03.2020

A short summary of recent work on the product and an insight into the development of AppCheck.

Read more