AppCheck Security Blog
Featured post
Introduction to... Deserialisation Vulnerabilities
/ Posted November 10, 2020
Deserialisation vulnerabilities were introduced to the OWASP Top 10 in 2017, nudging out Cross-Site Request Forgery (CSRF), based on the increasing prevalence and impact of deserialisation attacks reported in an industry survey. But what are deserialisation vulnerabilities, how do they occur, why did the threat from them suddenly increase in recent years, and what can be done to protect your organisation from this vulnerability?
read moreFilter by:
Introduction to... Deserialisation Vulnerabilities
Research / Posted November 10, 2020
Deserialisation vulnerabilities were introduced to the OWASP Top 10 in 2017, nudging out Cross-Site Request Forgery (CSRF), based on the increasing prevalence and impact of deserialisation attacks reported in an industry survey. But what are deserialisation vulnerabilities, how do they occur, why did the threat from them suddenly increase in recent years, and what can be done to protect your organisation from this vulnerability?
Read moreASP.NET Antiforgery Cookie Name Discloses Virtual Application Path
Research / Posted November 01, 2020
Applications written ASP.NET can take advantage of the antiforgery middleware to prevent Cross Site Request Forgery attacks. When properly used, this middleware requires requests to include both a cookie and parameter value which must validate together (along with the user’s session) before the request will be processed.
Read moreTales of Terror [Readers Beware]
News / Posted October 30, 2020
Server-Side Request Forgery (SSRF) & the Cloud Resurgence
Research / Posted October 20, 2020
So what exactly is SSRF? How does it work, why is it more prevalent in 2020, and how can we protect against it?
Read moreWeb App Security: Why So Hard?
Events / Posted October 16, 2020
Action... Mystery... Intrigue...
What does AppCheck's latest have in store? Click for more...
A COVID Christmas: Protecting Your Critical Ecommerce Assets
News Product / Posted October 07, 2020
In this article we will address the current situation, how hackers can exploit your websites, what you can do to protect yourself and where AppCheck comes in as an automated penetration testing tool to make sure you’re not leaving yourself vulnerable.
Read moreWebinar: Why Web Application Security Should be Job Number One
Events / Posted October 06, 2020
We will provide a high-level overview of why web app security is important with case studies into recent hacks before looking at how you as a business can help mitigate these attacks with practical advice.
Read moreWebSocket Security - Cross-Site Hijacking (CSWSH)
Research / Posted October 01, 2020
In this article we are going to take a look at one of the newer technologies used in modern web applications, the “WebSockets” that were standardized by the Internet Engineering Task Force (IETF) in 2011.
Read moreInsecure Direct Object Reference
Research / Posted September 25, 2020
Insecure Direct Object Reference, is a common web application vulnerability that allows an attacker to bypass mis-configured logical access controls and access sensitive data.
In this article, we will step through looking at what IDOR is, how it can often be introduced as a vulnerability, how an attacker is able to exploit it, and how to defend against it.
CyberWhite Interviews our Head of Development
News / Posted September 16, 2020
CyberWhite sat down with our Head of Development, Graham Bacon, to discuss all things AppCheck.
Read more