by TCMS Staff | Dec 3, 2025 | Web Applications
Introduction Earlier this year I published an OWASP Top 10 2025 prediction blog where I pulled CVE data from 2021 and made data-driven predictions on where the new top 10 list will land. Now that the official list has been released, it’s time to reflect on the results...
by TCMS Staff | Jul 16, 2025 | Security, Web Applications
Every web application is vulnerable to a type of attack in which a malicious third party repeatedly connects to your web server and/or makes bulk HTTP requests, consuming resources and preventing other legitimate requests from being processed. This is called a Denial...
by Josh Daniels | Apr 25, 2025 | Learning, Web Applications
From ordering takeout to filing our taxes, we interact with applications that operate on the web every day. Some of these applications are rigorously tested and hardened against exploitation from malicious actors, and some are not, but even the best-developed...
by Alex Olsen | Mar 12, 2025 | Web Applications
One of the most overlooked yet effective techniques in our toolkit when pentesting web applications is code review. Unlike automated scanning and some black-box testing, code review digs into an application’s logic, uncovers subtle or blind vulnerabilities, and...
by TCMS Staff | Jan 29, 2025 | Web Applications
Every four years, the Open Web Application Security Project (OWASP) publishes a top ten list of the most critical security risks that web applications are prone to. This list was last published in 2021, marking 2025 as the year for an update. OWASP utilizes a plethora...
by Alex Olsen | Dec 18, 2024 | Web Applications
What is Prototype Pollution? Prototype pollution is a critical vulnerability that affects JavaScript applications by allowing an attacker to manipulate the prototype of JavaScript objects, often leading to unexpected and dangerous behaviors throughout the application....