AppCheck Security Blog

When Encryption Goes Bad

Customers new to the AppCheck platform are often surprised at the number of vulnerabilities that AppCheck highlights relating to the transport encryption offered on their services – unencrypted (plaintext) services, web applications with vulnerable cipher suites, encryption libraries containing exploitable flaws, registration forms that email users their passwords in clear text. The list of checks that AppCheck performs is extensive, and on a website that has not previously been covered by regular vulnerability scanning, the extent of encryption issues can be surprising.

Webinar: The Great Database Heist: Where'd all my Data Just Go!?

Databases are fantastic - providing a standardised interface for creating, updating, reading and deleting data from a backend system. They can be optimised to efficiently service your application's data storage and retrieval requirements, allowing it to scale effortlessly… and, via common pitfalls in their use, they can give a hacker access to all your data too.

URGENT Security Advisory: Umbraco Forms RCE patch releases 20th July at 7am UTC

Security Issue:

Researchers at AppCheck have discovered a security issue within Umbraco Forms which could lead to a remote code execution attack and/or arbitrary file deletion. Umbraco are advising everyone to be ready for a fix which is to be released 20th July at 7am UTC.

AppCheck in the hands of a pen tester

Dean Moulden, Senior Penetration Tester at Security Risk Management (SRM), explains how AppCheck helps him and the rest of SRM’s penetration testing team to offer clients a fast, accurate and reliable service.

HTTP Verbs & Their Security Risks

In this article we’ll take a look at what HTTP “verbs” or methods are, how each one works and differs from the others, and what potential security risks should be considered with each. We’ll also see how vulnerability scanners such as AppCheck can automatically check for many of the potential vulnerabilities presented by webservers making use of these methods.

AppCheck supporting World Refugee Day

In the run up to World Refugee Day on 20th June 2021, AppCheck held a fundraiser to support local humanitarian Rob Lawrie's work with child refugees in camps across Europe.

AppCheck Wins Global Business Tech Awards 2021

This year AppCheck took the win for 'Cyber Security Company of the Year' at the Global Business Tech Awards 2021.

Web App Security: Why So Hard?

Action... Mystery... Intrigue...
What does AppCheck's latest webinar have in store? Click for more...

Webinar: How Does Automated Vulnerability Scanning Work?

The webinar begins with AppCheck’s Head of Research & Development, who takes an in-depth look at web application security and the difficulties in ensuring web applications are secure. From here an AppCheck consultant provides an overview of the AppCheck Vulnerability Scanning Tool and what exactly our free trial scan entails.

Attacking the Supply Chain: Dependency Confusion

Modern web applications are typically built using a combination of in-house custom code and third-party libraries. The in-house code leverages functionality from libraries, typically open-source, that provide convenient access in the chosen development language to common functions (such as email sending or data structure access). These libraries will typically be deployed to the webserver serving the web application along with the in-house code...
