Blogs & Articles
Cybersecurity News, Latest Vulnerabilities, Hacking Tutorials
Understanding and Finding Open Redirects
An Open Redirect is a vulnerability in a web application that allows an attacker to redirect a user to an arbitrary website. At first glance, this might not seem harmful, but with a malicious intent, it can be used as part of phishing attacks, malware distribution, or...
Local File Inclusion: A Practical Guide
Local File Inclusion allows an attacker to read files from a server they should not have access to, leading to the exposure of sensitive information.
Should a Company Provide Credentials for Their Penetration Test?
Is giving credentials to a pentester considered cheating? Or is it an efficient use of resources during a limited engagement? Learn about both perspectives.
Secure Web Development Part 1: Common Mistakes
Web development is a dynamic field that’s constantly evolving with new technologies, trends, and security threats. Learn some of the most common mistakes.
API Discovery with Kiterunner
Content discovery is often focused on finding files and folders. However, modern applications no longer conform to this hierarchical approach, especially applications that use APIs. Kiterunner is a tool that can be used to discover routes and endpoints used in...
Encoding and Decoding Primer
When testing web applications, the understanding and use of various encoding schemes is a fundamental skill. Learn more about encoding and decoding schemes.
BFLA: Broken Function Level Authorization
BFLA allows unauthorized users to access functionality in API endpoints that should be restricted. Learn how to mitigate this vulnerability to secure your APIs.
The Best Apps for Keeping Notes: Pros & Cons
What is the best note-taking application for pentesters? It’s a hot debate, and if you prefer to watch rather than read, we recently compared many of the popular options in this video. Otherwise, let’s take a look at what each app has on offer to help you decide what’s...
ID Tokens vs Access Tokens: What’s the Difference?
In the realm of secure authentication, two key elements often come to the fore: ID tokens and access tokens. Though these elements might seem similar, understanding their differences, common pitfalls, and best practices is crucial in ensuring the security of your...
Save Time During your Next Pentest
Pentesting is inherently time-consuming. Here are some ways that we can increase the speed and efficiency of penetration testing.
Let’s talk about how TCM Security can solve your cybersecurity needs. Give us a call, send us an e-mail, or fill out the contact form below to get started.