I often hear from people that audits are “brutal” and that passing a SOC 2 audit is a significant accomplishment. Most people I talk to feel that an audit is a burden and that passing it takes a lot of extra, unnecessary effort. At TCM Security, we...
Overview NoSQL databases, a term that stands for “Not Only SQL,” represent a shift from traditional relational databases. Unlike their SQL-based counterparts that rely heavily on tables and fixed schemas, NoSQL databases provide flexible storage...
Overview With application security being a critical component of most organizations defenses, development teams must be proactive to safeguard their applications. This article delves into three fundamental practices to enhance security: viewing every user through a...
GraphQL, a query language for your API and a server-side runtime for executing those queries, is rapidly becoming a prevalent technology in modern web applications. This technology, developed by Facebook in 2012 and released as an open-source project in 2015, provides...
Overview XPath Injection, akin to other common injection attacks, specifically targets vulnerabilities within an application’s user input processing system. But what sets XPath Injection apart is its exploitation of XPath queries. The fallout? Unauthorized...
Bug bounty programs have been a popular phenomenon in the tech industry for the last decade or so. They’re an opportunity for anyone to identify vulnerabilities in a company’s software or infrastructure and get rewarded for their discoveries. But, how do...