by TCMS Staff | Mar 19, 2025 | Security, SOC
In 2025, phishing is still one of the most ubiquitous and effective attack vectors cybercriminals use to steal credentials, distribute malware, and compromise organizations. Oftentimes, these phishing campaigns stem from deceptive URLs which are crafted to appear...
by Alex Tushinsky | Sep 18, 2024 | Security
I often hear from people that audits are “brutal” and that passing a SOC 2 audit is a significant accomplishment. Most people I talk to feel that an audit is a burden and that passing it takes a lot of extra, unnecessary effort. At TCM Security, we...
by Alex Olsen | Oct 4, 2023 | Security, Web Applications
Overview: NoSQL databases, a term that stands for “Not Only SQL,” represent a shift from traditional relational databases. Unlike their SQL-based counterparts that rely heavily on tables and fixed schemas, NoSQL databases provide flexible storage...
by Alex Olsen | Sep 20, 2023 | Programming, Security
Overview: With application security being a critical component of most organizations' defenses, development teams must be proactive to safeguard their applications. This article delves into three fundamental practices to enhance security: viewing every user through a...
by Alex Olsen | Aug 9, 2023 | Penetration Testing, Security, Web Applications
GraphQL, a query language for your API and a server-side runtime for executing those queries, is rapidly becoming a prevalent technology in modern web applications. This technology, developed by Facebook in 2012 and released as an open-source project in 2015, provides...
by Alex Olsen | Aug 2, 2023 | Penetration Testing, Security, Web Applications
Overview: XPath Injection, akin to other common injection attacks, specifically targets vulnerabilities within an application’s user input processing system. But what sets XPath Injection apart is its exploitation of XPath queries. The fallout? Unauthorized...