Professionally Evil Insights

Welcome to the Professionally Evil Insights blog by Secure Ideas! In this digital playground, we unravel the complex world of information security with a touch of fun. Our expert-led content ranges from deep-dives into penetration testing to explorations of hardware hacking. Whether you're curious about Secure Ideas or passionate about cybersecurity, this blog is your quick, enlightening, and entertaining guide into the captivating world of information security.

Welcome aboard!

    Many Hands Approach To AppSec
    "If you want to frustrate a good developer, interfere with their ability to complete work." - Developers I've been working in technology for nearly two decades. More than half of that has had software development as one of my primary daily responsibilities. A time I look back on fondly was early in ...
    Continue Reading

    Never miss a Professionally Evil update!

    The CISO's Myopia
    Fifteen years ago, I wrote an article entitled "The CSO’s Myopia." At the time, I aimed to ...
    Continue Reading
    Kubernetes Pentesting: The Hacker’s Harvest
    Are you ready to dive into the world of Kubernetes pentesting? Join us for our upcoming webcast, ...
    Continue Reading
    From Code to Cloud: Strengthening IaC Security with SAST
    IaC  |  SAST
    Infrastructure as Code (IaC) is a cornerstone in modern DevOps and DevSecOps practices, but how do ...
    Continue Reading
    NMAP in Action: API's
    In a recent blog post, my coworker Josh introduced the fundamentals of NMAP and highlighted its ...
    Continue Reading
    Tartar Sauce for your Phishing Program
    Phishing awareness exercises have become a common part of the larger security strategy for many ...
    Continue Reading
    From Linux to PowerShell and Back: A Quick Command Reference
    Linux  |  powershell
    Quick Overview If you are like me, you are switching back and forth between Linux and Windows ...
    Continue Reading
    Flipper Zero: Hardware Hacking JTAG and SWD Webcast
    The Flipper Zero is known as a hacking multitool. It can cover a range of hacking from sub-ghz ...
    Continue Reading
    The Client-Side Security Trap: A Warning For Developers
    Considering the inherent complexities of modern web development, understanding the distinct roles ...
    Continue Reading
    Top 5 Security Considerations for a New Web App - 5. Establishing an Dependency Patching Plan
    Welcome to our comprehensive series on the Top 5 Security Considerations for a New Web App. This ...
    Continue Reading
    Top 5 Security Considerations for a New Web App - 4. Logging and Monitoring
    Welcome to our comprehensive series on the Top 5 Security Considerations for a New Web App. This ...
    Continue Reading
    Top 5 Security Considerations for a New Web App - 3. Data Encryption and Protection
    Welcome to my comprehensive series on the Top 5 Security Considerations for a New Web App. This ...
    Continue Reading