AppCheck Security Blog

An Introduction to SQL Injection (SQLi)

Injection attacks are the most common type of fault found in web applications; they are usually the result of unfiltered user input being included directly in command executions or database queries.

Web cache poisoning explained

A cache in computing is a temporary store of any content that has been retrieved from its original (master) source. Caches are typically used so that the data can be served faster the next time it is requested, since it need only be retrieved from the local cache rather than the original source. The problem from a security point of view is that any response that is successfully cached will, by design, be stored and served to other users, and in some circumstances this can lead to problems.

Webinar: Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) is by far the most widespread high-impact vulnerability, present even in the best of web applications, regardless of the framework or programming language employed: a burly, steadfast member of the OWASP Top Ten.
Here at AppCheck we find that the client-side nature of typical XSS has led to a general underappreciation of its exploitation potential, though a good understanding of the vulnerability and its subtle variations will show how it can be used to devastating effect and, more importantly, how it can be avoided.
In this seminar we will build up, piece by piece, an understanding of XSS that spares no detail.

AppCheck Vulnerability Scanner Release Notes - 03.03.2020

A short summary of recent work on the product and an insight into the development of AppCheck.

GhostCat Vulnerability - CVE-2020-1938

Aside from being a – by all accounts truly terrible – direct-to-TV movie about a recently deceased cat who comes back from the dead to try and stop scammers and wealthy businessmen from making unnecessary land-development deals, “Ghostcat” is also the fond nickname for vulnerability CVE-2020-1938.

Cloud & Cyber Security Expo 2020

AppCheck will be attending the Cloud & Cyber Security Expo 2020 in March and we hope to see you there.

Of course, you can expect talks from our Head of Research & Development, Nick Blundell, across both days in the 'Application Security and DevSecOps' theatre.

AppCheck Wins Prolific North Tech Awards 2020

The Prolific North Awards represent 'the very best tech companies' across the North, judged by an esteemed panel of industry leaders and experts. This year AppCheck took the win for 'Best Application of Tech - Security' due to the way we have applied our automated vulnerability scanning tool to the industry and our advances in application scanning.

London Web Application Security Seminar - March 2020

Web Application Security Seminar

The Web Application Security seminar is a free event that presents a detailed analysis of the most common threats facing web applications today. We will review high-profile examples and provide a technical breakdown of critical security flaws, along with an introduction to emerging technologies such as HTML5.
Each attendee will receive a copy of the slides and the exclusive tools and exploit code used in the live hacking demonstrations.

Case Study - Mansfield Building Society

'I can go on the platform and understand the results that are coming in, see where the biggest threats are, and where we need to focus our immediate attention. This ensures that we close off any of the high risk vulnerabilities as quickly as we can.'

See how we enabled Mansfield Building Society to move from a restrictive manual testing strategy to a cost-effective approach, providing year-round visibility with the control back in their hands.