by Alex Olsen | May 3, 2023 | Security, Web Applications
Clickjacking, also known as UI Redressing, is a technique that tricks users into clicking on unintended elements on a website. By using hidden elements, attackers deceive users into performing actions that they did not intend to carry out. Learn more about...
by TCMS Staff | Mar 30, 2023 | Security
Overview: Cross-Site Scripting (XSS) is a type of security vulnerability in web applications that enables an attacker to insert malicious code (typically in the form of scripts) into a web page that can be viewed by other users. When a web application fails to properly...
by Alex Olsen | Mar 9, 2023 | Security
Threat modeling is a process used to identify potential threats and weaknesses in a system. It involves breaking down a system and examining it to better understand what needs protecting, who might attack it, and how it can be protected. So who needs to be involved?...
by Alex Olsen | Mar 2, 2023 | Security, Web Applications
Code review is an essential part of the web application penetration testing process but is often overlooked. We’re going to look at why it’s important and how to get started. There are a number of reasons why we might decide to review the source code of an application...
by Heath Adams | Feb 17, 2023 | Penetration Testing, Security
While penetration testing can be considered “adversarial” testing, it should be anything but that. Your penetration test, no matter who you do it with, should be a partnership. In every partnership, communication is key. Settling for a pentest company that merely...
by Alex Olsen | Feb 7, 2023 | Programming, Security
JavaScript is a bit like Marmite: you either love it or hate it. Regardless of how it makes us feel, it is a powerful tool for attacking users and for exploitation. Often, popping alert(1) is proof enough to get a fix but doesn’t demonstrate the full impact an attacker...