AppCheck Security Blog
Featured post
Critical Vulnerabilities in SaltStack CVE-2020-11651 & CVE-2020-11652
/ Posted May 01, 2020
Vulnerabilities within SaltStack infrastructure automation software may lead to RCE attacks and full system takeover. According to security researchers who found these vulnerabilities, attacks are expected in the wild as soon as today.
read moreFilter by:
Critical Vulnerabilities in SaltStack CVE-2020-11651 & CVE-2020-11652
Security Alerts / Posted May 01, 2020
Vulnerabilities within SaltStack infrastructure automation software may lead to RCE attacks and full system takeover. According to security researchers who found these vulnerabilities, attacks are expected in the wild as soon as today.
Read moreSecure inclusion of third party content using SOP, CSP, SRI & CORS
Research / Posted April 27, 2020
In this article we’ll take a look at how the origin of resources loaded by your web application – such as third party JavaScript – can impact the security of your organisational and customer data.
Read moreHacks by URL: Devastating and Criminally Simple
Events / Posted April 23, 2020
AppCheck would like to invite you and your colleagues to our next 1-hour webinar surrounding the subtle dangers of the humble URL.
Read moreHacks by URL: Devastating and Criminally Simple
Events / Posted April 23, 2020
Having presented this popular session at the Digital Transformation Expo and the Cloud & Cyber Security Expo with overwhelming success, we have decided to provide this as a condensed webinar for those not able to attend.
Read moreAn Introduction to Web Shells
Research / Posted April 09, 2020
A web shell is a web-based implementation of the shell concept. There’s plenty of legitimate examples where a web shell might be useful functionality – for example to provide an administrative web GUI to an appliance such as a firewall, but for the purposes of this article we will consider malicious web shells - scripts that can be uploaded by an attacker to a web server to enable remote administration of the machine unknown to the system’s proper owner.
Read moreInjection Attacks: An Introduction
Research / Posted April 06, 2020
Injection attacks are unique in that they have remained at the top of the OWASP Top 10 list since 2004. So for over a decade this type of vulnerability has been considered the most critical vulnerability for organisations to be aware of when developing code for the web.
Read moreHacks by URL: Devastating and Criminally Simple
Events / Posted April 03, 2020
Having presented this popular session at the Digital Transformation Expo and the Cloud & Cyber Security Expo with overwhelming success, we have decided to provide this as a condensed webinar for those not able to attend.
Read moreIn the current climate would you benefit from a free IT Security Test?
Product / Posted March 27, 2020
Take a no obligation, no hassle, complimentary automated penetration test with AppCheck and let our internal consultants provide you a thorough CVSS security report detailing our findings and recommended remediation. Our goal to uncover all High, Medium and Low risk vulnerabilities, including the OWASP TOP 10.
Read moreWhat is Cross-Site Scripting and how to prevent it
Research / Posted March 25, 2020
Cross-Site Scripting or “XSS” is one of the most common vulnerabilities found in web applications. XSS made up nearly 40 per cent of all attacks logged by security researchers in recent years, who also noted that almost 75 per cent of large companies across Europe had been targeted over the last year.
Read moreCOVID-19 Update
News / Posted March 18, 2020
During this time of uncertainty around the impacts related to COVID-19 we would like to reassure our customers, partners and employees that we anticipate minimal disruption to services and that staff well-being and helping keep customers secure remains our top priority.
Read more