Client Portal
Contact Us

Professionally Evil Blog

A blog by experts of penetration testing and other security assessments.
    Featured Image
    Introducing BILE - Groundbreaking Classification for Web App
    Training |  penetration testing |  OWASP |  web application security |  BILE |  OWASP Top 10 |  BILE Classification Scheme |  vulnerability classification
    As a seasoned web application penetration tester, I've always felt that there should be a more straightforward way to classify web application vulnerabilities according to testing activities. This became even more apparent to me when I started to maintain our Professionally Evil Application ...
    Continue Reading

    Never miss a Professionally Evil update!

    Sign Up For Our Newsletter
    Introducing PETaaS: Professionally Evil Testing as a Service
    Introducing PETaaS: Professionally Evil Testing as a Service
    We're thrilled to announce the launch of our latest offering: Professionally Evil Testing as a ...
    Continue Reading
    Ace CISSP Exam Prep with ChatGPT: Your AI Study Buddy
    Ace CISSP Exam Prep with ChatGPT: Your AI Study Buddy
    Are you preparing for the CISSP exam or any other exam that requires a deep understanding of ...
    Continue Reading
    Why we ditched LastPass
    Why we ditched LastPass
    LastPass is a very popular password management service with both personal and business solutions. ...
    Continue Reading
    Hunting Secrets
    Hunting Secrets
    Applications are hemorrhaging sensitive data. In many cases, the culprit is marketing and analytics ...
    Continue Reading
    Why your application needs a Content Security Policy (And How to Build One)
    Why your application needs a Content Security Policy (And How to Build One)
    As a web application owner, it is crucial to understand the concept of a content security policy ...
    Continue Reading
    Announcing Burp Co2!
    Announcing Burp Co2!
    This is for those of you who do web pen testing with Portswigger’s Burp proxy tool!  Over the past ...
    Continue Reading
    How to configure Android (Virtual) for Mobile PenTest
    How to configure Android (Virtual) for Mobile PenTest
    Setting up your environment for a mobile application penetration test can be a chore, especially if ...
    Continue Reading
    Cooking up Better Security Incident Communications
    Cooking up Better Security Incident Communications
    I am fond of meal kits. I enjoy the entire experience: the scrolling through delicious-looking meal ...
    Continue Reading
    Once upon a time there was a WebSocket
    Once upon a time there was a WebSocket
    This is the story from one of our recent penetration testing engagements. Still, the story is a ...
    Continue Reading
    Security Review of Nest Camera
    Security Review of Nest Camera
    I love tinkering with home automation and security solutions.  The simplicity of turning on a light ...
    Continue Reading
    Equifax Breach: Why I am not surprised
    Equifax Breach: Why I am not surprised
    The Equifax breach, announced in September 2017, is said to potentially impact some 143 million ...
    Continue Reading
    1 2 3 4