AppCheck Security Blog

AppCheck & the OWASP Penetration Testing Checklist

Research / Posted September 03, 2021

The OWASP Penetration Testing Checklist is aimed at delivering a baseline standard against which potential vendor solutions can be assessed to ensure that a prospective web application security testing provider delivers a service that is sufficient

Umbraco Forms File Upload Vulnerability: Technical Analysis (CVE-2021-37334)

Research Security Alerts / Posted August 25, 2021

On the 15th of July 2021 Umbraco and AppCheck released a Security Advisory to alert users of a vulnerability within the Umbraco Forms component that could be exploited to gain remote code execution on the affected system.

AppCheck & The OWASP Top 10 Privacy Risks

Research / Posted August 24, 2021

The OWASP Top 10 Privacy Risks list is an attempt to curate a completely neutral set of prioritised privacy risks for businesses to consider, as well as a recommended set of countermeasures for businesses to deploy against the occurrence of those risks.

Features Review: GoScript and Card Skimmers

Product / Posted August 17, 2021

AppCheck has many features and is constantly being updated. Here we look at just two, authenticated scanning and card-skimming.

AppCheck Web Application Security Seminar - September 2021

Events / Posted August 16, 2021

The Web Application Security seminar is a free event that presents a detailed analysis of the most common threats facing web applications today. We will review high profile examples and provide a technical breakdown of critical security flaws along with an introduction into emerging technologies.

When Encryption Goes Bad

Research / Posted August 13, 2021

Customers new to the AppCheck platform can often be surprised at the number of vulnerabilities that AppCheck highlights relating to transport encryption offered on their services – unencrypted (plaintext) services, web applications with vulnerable cipher suites, encryption libraries containing exploitable flaws, registration forms that email users passwords in clear text. The list of checks that AppCheck performs is extensive, and on a website that has not previously been covered by regular vulnerability scanning, the extent of encryption issues can be surprising

Webinar: The Great Database Heist: Where'd all my Data Just Go!?

Events / Posted August 09, 2021

Databases are fantastic - providing a standardised interface for creating, updating, reading and deleting data from a backend system. They can be optimised to efficiently service your applications data storage and retrieval requirements, allowing it to scale effortlessly… and, via common pitfalls in their use, they can give a hacker access to all your data too.

URGENT Security Advisory: Umbraco Forms RCE patch releases 20th July at 7am UTC

Research / Posted July 19, 2021

Security Issue:

Researchers at AppCheck have discovered a security issue within Umbraco Forms which could lead to a remote code execution attack and/or arbitrary file deletion. Umbraco are advising everyone be ready for a fix which is to be released 20th July at 7am UTC.

AppCheck in the hands of a pen tester

Product / Posted July 13, 2021

Dean Moulden, Senior Penetration Tester at Security Risk Management (SRM), explains how AppCheck helps him and the rest of SRM’s penetration testing team to offer clients a fast, accurate and reliable service.

HTTP Verbs & Their Security Risks

Research / Posted July 05, 2021

In this article we’ll take a look into what HTTP “verbs” or methods are, how each varies and works, and what the potential security risks are that should be considered with each. We’ll also see how vulnerability scanners such as AppCheck can automatically check for many of the potential vulnerabilities presented by webservers making use of these methods.

Start your free trial