0. Overview Web applications actively facilitate business operations, allowing businesses to interact with customers, streamline processes, and deliver crucial services over the internet. Cyber attackers often focus on these applications because of their online...
Introduction The new Practical Web Penetration Tester (PWPT) certification is now available! In this article, we’ll talk about how to prepare for the exam. You won’t find any spoilers, but you will find some helpful tips for how best to prepare for and approach the...
Overview In the third part of our series on creating extensions for Burp Suite using the Montoya API, we will learn about design patterns and implement a Singleton object. Additionally, we’ll ensure our custom header only gets added to in-scope requests. If you...
Overview On December 16, 2023, TCM Security held our first annual invitational CTF with the help of MetaCTF! Any student holding a current All-Access Membership at TCM Academy could take part in the CTF, which featured plenty of challenges! In this blog post,...
Overview Starting an Application Security (AppSec) testing career in 2024 can seem daunting given the vast landscape of content and resources. In this blog post we will demystify the journey, offering wisdom, practical advice, and resourceful tips help you out. This...
Overview Despite its popularity as an SQL injection example, we argue that “OR 1=1” presents more risks than rewards. It may work for login bypasses occasionally, but its reliability is questionable, and better alternatives exist. We explore the drawbacks,...