AppCheck Security Blog
Featured post
WebSocket Security - Cross-Site Hijacking (CSWSH)
/ Posted October 01, 2020
In this article we are going to take a look at one of the newer technologies used in modern web applications, the “WebSockets” that were standardized by the Internet Engineering Task Force (IETF) in 2011.
read moreFilter by:
WebSocket Security - Cross-Site Hijacking (CSWSH)
Research / Posted October 01, 2020
In this article we are going to take a look at one of the newer technologies used in modern web applications, the “WebSockets” that were standardized by the Internet Engineering Task Force (IETF) in 2011.
Read moreInsecure Direct Object Reference
Research / Posted September 25, 2020
Insecure Direct Object Reference, is a common web application vulnerability that allows an attacker to bypass mis-configured logical access controls and access sensitive data.
In this article, we will step through looking at what IDOR is, how it can often be introduced as a vulnerability, how an attacker is able to exploit it, and how to defend against it.
CyberWhite Interviews our Head of Development
News / Posted September 16, 2020
CyberWhite sat down with our Head of Development, Graham Bacon, to discuss all things AppCheck.
Read moreSingle Page Applications (SPA)
Research / Posted September 01, 2020
Essentially a SPA is a client-side dynamic web application that makes a full HTML page load initially but thereafter responds to all DOM events initiated by actions such as clicking on links by dynamically rewriting the current web page, rather than the default method in a traditional “multi-page” web application of the browser loading entire new pages.
Read moreHTML5 Cross-Document Messaging Vulnerabilities
Research / Posted August 12, 2020
In this article, we take a look at the security model that the Web Messaging API (a.k.a. “Cross-Document Messaging”) - is built on, why the security measures that it introduces are necessary, and some of the potential mis-configurations that can undermine the API’s security model.
Read morevBulletin Zero Day Details & Plug-in
News Product Security Alerts / Posted August 10, 2020
Security researcher Amir Etemadieh has released a pre-authentication zero-day remote command execution (RCE) exploit in vBulletin. This exploit is bypasses the patch for a previous RCE in vBulletin 5.0 through 5.4 and has since been assigned CVE-2019-16759.
Read moreCase Study - East Ayrshire Council
Case Studies / Posted August 06, 2020
East Ayrshire Council have over 5,000 employees and a vast IT infrastructure. They needed a tool that could scan their internal and external environments, with a price tag that was right for a local authority. Read on to find out how AppCheck could help.
Read moreWebinar: Integrating Security Testing into your Azure Pipelines
Events / Posted July 27, 2020
Following a popular response from the launch of our Azure Pipeline Integration we have decided to run a webinar exploring the benefits of testing in the SDLC with a deep dive into our integration and how this can help you deliver cheaper and faster security coverage, at lower cost and with greater assurance.
Read moreIntegrating AppCheck into your Azure Pipelines
News Product / Posted July 16, 2020
AppCheck is pleased to announce official support for integration into Microsoft’s Azure Pipelines.
Read moreCross-site scripting webinar - July 2020
Events / Posted July 07, 2020
Cross-Site Scripting (XSS) is by far the most widespread high impact vulnerability, present even in the best of web applications, regardless of the framework or programming language employed - a burly steadfast member of the OWASP Top Ten. In this webinar we will build up piece-by-piece an understanding of XSS that spares no detail.
Read more