AppCheck Security Blog

Webinar: URLs, Uploads & Dragons

In this webinar we explore through example how assumptions and subtle mishandling of URLs and files can lead to various high severity OWASP Top 10 vulnerabilities.

Read more

Webinar: The Great Database Heist: Where’d all my Data Just go!?

We will explore how such common OWASP Top 10 vulnerabilities arise, looking at SQL and NoSQL injection attacks and exploits, and importantly at how to avoid them, sparing no detail whilst being accessible also at a non-technical level.

Read more

Beyond the OWASP Top 10 – “Chicken Bits”, Pollution & Greedy Matches

In this article we go boldly beyond the OWASP Top 10 to review a few critical, interesting or just plain bizarre vulnerabilities not included in OWASP Top 10 and see how they could impact you.

Read more

What to expect from your free vulnerability scan

In this article, we’re going to look at what a vulnerability scan is, how it can help to protect your organisation, and how AppCheck will work with you to deliver a free trial scan of your own websites, networks and infrastructure to demonstrate these benefits.

Read more

Webinar: XSS-Mas! …and a Hijacked New Year!

Cross-Site Scripting (XSS) is by far the most widespread high impact vulnerability, present even in the best of web applications, regardless of the framework or programming language employed - a burly steadfast member of the OWASP Top Ten.

Read more

Template Injection: JsRender/JsViews

In this blog post we will explore Template Injection attacks against the JsRender/JsViews library.

Read more

External Entity Injection (XXE)

An XML (Extensible Markup Language) External Entity or XXE attack occurs when an attacker is able to exploit the application's processing of XML data by injecting malicious entities.

Read more

Introduction to... Deserialisation Vulnerabilities

Deserialisation vulnerabilities were introduced to the OWASP Top 10 in 2017, nudging out Cross-Site Request Forgery (CSRF), based on the increasing prevalence and impact of deserialisation attacks reported in an industry survey. But what are deserialisation vulnerabilities, how do they occur, why did the threat from them suddenly increase in recent years, and what can be done to protect your organisation from this vulnerability?

Read more

ASP.NET Antiforgery Cookie Name Discloses Virtual Application Path

Applications written in ASP.NET can take advantage of the antiforgery middleware to prevent Cross-Site Request Forgery attacks. When properly used, this middleware requires requests to include both a cookie and a parameter value, which must validate together (along with the user’s session) before the request will be processed.

Read more

Tales of Terror [Readers Beware]

Read more