AppCheck Security Blog

Reflecting on AppCheck - Dylan Marriott

News / Posted November 04, 2021

We have taken on lots of new starters at AppCheck across all departments as we continue to enjoy a period of expansion. We sit down with Dylan Marriott, our Application Support Engineer, and ask him how his first few months with AppCheck have gone.

AppCheck joins Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).

News / Posted November 03, 2021

We are delighted to announce that we have become the latest vendor to be authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).

Halloween Cyber Security Quiz

News / Posted October 29, 2021

This year, we have prepared some cyber security quizzes to protect you from the evil that lurks.
One quiz is filled with nasty questions which will rack your brain, the other filled with treats to delight you. The question is... which is which?

BYOD & The Internet of Things

Research / Posted October 27, 2021

“BYOD” and the “Internet of Things” are two growing areas of security concern for organisations, linked conceptually by the commoditisation of information processing hardware.

Security Advisory: Duplicate Post WordPress Plugin SQL Injection Vulnerability (CVE-2021-43408)

Security Alerts / Posted October 25, 2021

The AppCheck Research team identified a security flaw within the “Duplicate Post” WordPress plugin. The plugin has been downloaded 155,421 times at the time of writing. This blog post details the finding along with remediation advice.

The current state of CSRF and should I still worry about it?

Research / Posted October 19, 2021

CSRF stands for “Cross Site Request Forgery” and is a term that is used to describe a situation in which an attacker tricks a computer user into submitting a web request that they are unaware of performing, that is performed under their identity, and which is typically against their interests. An example might be an instruction to their online bank to transfer money out of their account and into the attacker’s account. Since the action is performed from the victim’s computer, it is indistinguishable from a legitimate and intentional request made by the victim. This obviously sounds fairly alarming! Let’s dig deeper into the mechanisms that make this possible.

Webinar: Authentication: Bypassed!

Events / Posted October 15, 2021

A brand new webinar in which we hope to build up an understanding of authentication vulnerabilities, working from the most basic to more intricate scenarios, sparing no detail whilst remaining accessible to non-technical audiences. Straight from the stage of the Digital Transformation Expo, this will be the debut of this webinar content.

WordPress + Microsoft Office 365 / Azure AD | LOGIN Persistent Cross-Site Scripting (CVE-2021-43409)

Research Security Alerts / Posted October 15, 2021

The “WPO365 | LOGIN” WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS).

AppCheck Web Application Seminar November 2021 - LONDON

Events News / Posted October 14, 2021

The Web Application Security seminar is a free event that presents a detailed analysis of the most common threats facing web applications today. We will review high profile examples and provide a technical breakdown of critical security flaws along with an introduction into emerging technologies.

Secarma Automated Testing Podcast - Nick Blundell

Research / Posted October 13, 2021

In this episode, Nick Blundell – Head of R&D at AppCheck speaks with Holly Grace Williams from Secarma about the pros and cons of vulnerability scanning, how hackers can enter weak systems and the need for a blended approach.

Start your free trial