Blogs & Articles
Cybersecurity News, Latest Vulnerabilities, Hacking Tutorials
Secure Web Development Part 1: Common Mistakes
Web development is a dynamic field that’s constantly evolving with new technologies, trends, and security threats. Learn some of the most common mistakes.
API Discovery with Kiterunner
Content discovery is often focused on finding files and folders. However, modern applications, particularly those built on APIs, no longer conform to this hierarchical approach. Kiterunner is a tool that can be used to discover routes and endpoints used in...
Encoding and Decoding Primer
When testing web applications, the understanding and use of various encoding schemes is a fundamental skill. Learn more about encoding and decoding schemes.
BFLA: Broken Function Level Authorization
BFLA allows unauthorized users to access functionality in API endpoints that should be restricted. Learn how to mitigate this vulnerability to secure your APIs.
The Best Apps for Keeping Notes: Pros & Cons
What is the best note-taking application for pentesters? It’s a hot debate, and if you prefer watching to reading, we recently compared many of the popular options in this video. Otherwise, let’s take a look at what each app has on offer to help you decide what’s...
ID Tokens vs Access Tokens: What’s the Difference?
In the realm of secure authentication, two key elements often come to the fore: ID tokens and access tokens. Though these elements might seem similar, understanding their differences, common pitfalls, and best practices is crucial in ensuring the security of your...
Save Time During your Next Pentest
Pentesting is inherently time-consuming. Here are some ways that we can increase the speed and efficiency of penetration testing.
Clickjacking 101: What is Clickjacking and How Does it Work?
Clickjacking, also known as UI Redressing, is a technique that tricks users into clicking on unintended elements on a website. Learn more about how it works.
Learn WebApp Pentesting: 2023 Edition
This article reviews how you can become a web application penetration tester or application security engineer, with updated advice for 2023.
OWASP API Top10 2023 Candidate List, So What’s New?
Review the top threats to APIs identified in the OWASP 2023 Candidate List. Top threats include Broken Object Level Authorization, SSRF, and more!