AppCheck Security Blog

Cross-Site Tracing (XST)

Cross-Site Tracing is a particularly elaborate vulnerability that, like cross-site scripting, involves the ability to move data between different origins (essentially between different web sites, within the context of this article) in an exploitative way that bypasses controls intended to prevent such transfer.

Read more

HTML5 Cross-Document Messaging Vulnerabilities

In this article, we take a look at the security model that the Web Messaging API (a.k.a. “Cross-Document Messaging”) is built on, why the security measures that it introduces are necessary, and some of the potential misconfigurations that can undermine the API’s security model.

Read more

vBulletin Zero Day Details & Plug-in

Security researcher Amir Etemadieh has released a pre-authentication zero-day remote command execution (RCE) exploit in vBulletin. This exploit bypasses the patch for a previous RCE in vBulletin 5.0 through 5.4 and has since been assigned CVE-2019-16759.

Read more

Case Study - East Ayrshire Council

East Ayrshire Council have over 5,000 employees and a vast IT infrastructure. They needed a tool that could scan their internal and external environments, with a price tag that was right for a local authority. Read on to find out how AppCheck could help.

Read more

Webinar: Integrating Security Testing into your Azure Pipelines

Following a popular response to the launch of our Azure Pipeline Integration, we have decided to run a webinar exploring the benefits of testing in the SDLC, with a deep dive into our integration and how it can help you deliver faster security coverage, at lower cost and with greater assurance.

Read more

Integrating AppCheck into your Azure Pipelines

AppCheck is pleased to announce official support for integration into Microsoft’s Azure Pipelines.

Read more

Cross-site scripting webinar - July 2020

Cross-Site Scripting (XSS) is by far the most widespread high-impact vulnerability, present even in the best of web applications, regardless of the framework or programming language employed: a burly, steadfast member of the OWASP Top Ten. In this webinar we will build up, piece by piece, an understanding of XSS that spares no detail.

Read more

AppCheck Plug-in for CVE-2020-5902 & CVE-2020-5903

AppCheck have released a new plug-in to detect recently discovered security flaws within F5 BIG-IP devices, CVE-2020-5902 and CVE-2020-5903.

Read more

Webinar: URLs, Uploads and Dragons

Join our webinar exploring, through example, how subtle mishandling of URLs and files can lead to various high-severity OWASP Top 10 vulnerabilities.

Read more

Scanning GraphQL for Vulnerabilities with AppCheck

AppCheck is pleased to announce enhanced support for scanning GraphQL-based APIs. In this post we take a brief look at GraphQL and some of the security implications surrounding the technology.

Read more