Blogs & Articles
Cybersecurity News, Latest Vulnerabilities, Hacking Tutorials
Burp Extension Dev Part 3: Singletons & Scope
Overview: In the third part of our series on creating extensions for Burp Suite using the Montoya API, we will learn about design patterns and implement a Singleton object. Additionally, we'll ensure our custom header only gets added to in-scope requests. If you...
1st Annual TCM CTF Web Walkthroughs
Overview: On December 16, 2023, TCM Security held our first annual invitational CTF with the help of MetaCTF! Any student holding a current All-Access Membership at TCM Academy could take part in the CTF, which featured plenty of challenges! In this blog post, we'll...
Burp Extension Dev Part 4: GUI Design
Overview: In part 4 of our series on creating extensions for Burp Suite using the Montoya API, we will learn about designing an interactive GUI for our extension. If you haven’t read the previous installments of this blog post series yet, we highly recommend you do...
Learn AppSec Testing in 2024
Overview: Starting an Application Security (AppSec) testing career in 2024 can seem daunting given the vast landscape of content and resources. In this blog post we will demystify the journey, offering wisdom, practical advice, and resourceful tips to help you out. This...
Healthy Study Habits to Become a Pentester
Introduction: The journey to becoming a skilled penetration tester is as challenging as it is rewarding. It requires not only technical expertise but also a set of healthy habits to maintain focus, enhance learning, and ensure personal well-being. In this post, we'll...
How to Pass the PNPT Exam First Time
Overview: Embarking on the journey to clear the PNPT (Professional Network Penetration Tester) exam can be a daunting yet fulfilling experience. In this post, we'll explore strategies I've gathered from my own journey to help you study, prepare, and successfully clear...
Programming with AI: Mini Course
Learn to code with AI: Enhance your skills with our beginner-friendly course on best practices, prompt engineering, and efficient development.
Avoid “OR 1=1” in SQL Injections
Overview: Despite its popularity as an SQL injection example, we argue that "OR 1=1" presents more risks than rewards. It may work for login bypasses occasionally, but its reliability is questionable, and better alternatives exist. We explore the drawbacks, from...
Burp Extension Dev Part 1: Setup & Basics
Overview: In this blog post series, we'll guide you through the process of creating Burp extensions. First, we will set up your development environment. Then, we will create a basic extension to add a custom feature to Burp Suite. Over the course of the series, we will...
The Practical Junior Web Tester (PJWT) Exam
Gain practical skills in web app penetration testing with the PJWT certification, designed for beginners and experienced testers.