AppCheck Security Blog
Featured post
Apache 2.4.50 (CVE-2021-42013) & 2.4.49 (CVE-2021-41773) Remote Code Execution / Path Traversal Vulnerability
/ Posted October 06, 2021
A previous version of this article recommended updating to 2.4.50 to address the vulnerability in 2.4.49, however the fix in 2.4.50 has been now been shown to be incomplete therefore it is recommended to update to 2.4.51.
read moreFilter by:
Apache 2.4.50 (CVE-2021-42013) & 2.4.49 (CVE-2021-41773) Remote Code Execution / Path Traversal Vulnerability
Security Alerts / Posted October 06, 2021
A previous version of this article recommended updating to 2.4.50 to address the vulnerability in 2.4.49, however the fix in 2.4.50 has been now been shown to be incomplete therefore it is recommended to update to 2.4.51.
Read moreReflecting on AppCheck: Taylor-Mae Nash
News / Posted October 05, 2021
We have taken on lots of new starters at AppCheck across all departments as we continue to enjoy a period of expansion. We sit down with Taylor-Mae, our Client Services Executive, and ask her how her first few months with AppCheck have gone.
Read moreOWASP Top 10 2021 Web Application Security Risks
Product / Posted September 24, 2021
Every few years the OWASP community come together to review the ten most critical web application security risks (commonly known simply as the “OWASP Top 10”) by analysing vulnerability data spanning hundreds of organisations and over 100,000 real world applications. This process was most recently performed in 2021 and a new, updated top 10 list published.
Read moreSecurity Advisory: Persistent XSS via Avatar Upload in Kentico CMS (CVE-2021-43991)
Security Alerts / Posted September 17, 2021
The Kentico CMS (13.0.4001.0 Xperience platform version tested locally) is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS).
Read moreReflecting on AppCheck: Chris McGreavy
News / Posted September 10, 2021
We spoke to Chris McGreavy, our Service Delivery Lead about his first few months here at AppCheck
Read moreAppCheck & the OWASP Penetration Testing Checklist
Research / Posted September 03, 2021
The OWASP Penetration Testing Checklist is aimed at delivering a baseline standard against which potential vendor solutions can be assessed to ensure that a prospective web application security testing provider delivers a service that is sufficient
Read moreUmbraco Forms File Upload Vulnerability: Technical Analysis (CVE-2021-37334)
Research Security Alerts / Posted August 25, 2021
On the 15th of July 2021 Umbraco and AppCheck released a Security Advisory to alert users of a vulnerability within the Umbraco Forms component that could be exploited to gain remote code execution on the affected system.
Read moreAppCheck & The OWASP Top 10 Privacy Risks
Research / Posted August 24, 2021
The OWASP Top 10 Privacy Risks list is an attempt to curate a completely neutral set of prioritised privacy risks for businesses to consider, as well as a recommended set of countermeasures for businesses to deploy against the occurrence of those risks.
Read moreFeatures Review: GoScript and Card Skimmers
Product / Posted August 17, 2021
AppCheck has many features and is constantly being updated. Here we look at just two, authenticated scanning and card-skimming.
Read moreAppCheck Web Application Security Seminar - September 2021
Events / Posted August 16, 2021
The Web Application Security seminar is a free event that presents a detailed analysis of the most common threats facing web applications today. We will review high profile examples and provide a technical breakdown of critical security flaws along with an introduction into emerging technologies.
Read more