Professionally Evil Blog
A blog by experts of penetration testing and other security assessments.
Why we ditched LastPass
LastPass is a very popular password management service with both personal and business solutions. ...
Applications are hemorrhaging sensitive data. In many cases, the culprit is marketing and analytics ...
Why your application needs a Content Security Policy (And How to Build One)
As a web application owner, it is crucial to understand the concept of a content security policy ...
Announcing Burp Co2!
This is for those of you who do web pen testing with Portswigger’s Burp proxy tool! Over the past ...
How to configure Android (Virtual) for Mobile PenTest
Setting up your environment for a mobile application penetration test can be a chore, especially if ...
Cooking up Better Security Incident Communications
I am fond of meal kits. I enjoy the entire experience: the scrolling through delicious-looking meal ...
Once upon a time there was a WebSocket
This is the story from one of our recent penetration testing engagements. Still, the story is a ...
Security Review of Nest Camera
I love tinkering with home automation and security solutions. The simplicity of turning on a light ...
Equifax Breach: Why I am not surprised
The Equifax breach, announced in September 2017, is said to potentially impact some 143 million ...
Are You Ready for Your Pen Test?
It is day three of a five-day penetration test engagement and we still don’t have all the ...
Cloud-Base Host Discovery Is Easier Than You Think!
During a recent conversation at DerbyCon it occurred to me that some security folks who are just ...
Wireless Attacking EAP-TTLS with Kali 2 and ALFA AWUS051NH
Is your corporate wifi as secure as you think it is? A common configuration for WPA Enterprise ...