Professionally Evil Blog
A blog by experts of penetration testing and other security assessments.
Why we ditched LastPass
LastPass is a very popular password management service with both personal and business solutions. Recently, LastPass has experienced mounting criticism from the information security industry as a result of an incident described in an August 25, 2022 blog post. The blog post was updated in November, ...

Hunting Secrets
Applications are hemorrhaging sensitive data. In many cases, the culprit is marketing and analytics ...
Why your application needs a Content Security Policy (And How to Build One)
As a web application owner, it is crucial to understand the concept of a content security policy ...

Announcing Burp Co2!
This is for those of you who do web pen testing with PortSwigger’s Burp proxy tool! Over the past ...

How to configure Android (Virtual) for Mobile PenTest
Setting up your environment for a mobile application penetration test can be a chore, especially if ...

Cooking up Better Security Incident Communications
I am fond of meal kits. I enjoy the entire experience: the scrolling through delicious-looking meal ...

Once upon a time there was a WebSocket
This is the story from one of our recent penetration testing engagements. Still, the story is a ...

Security Review of Nest Camera
I love tinkering with home automation and security solutions. The simplicity of turning on a light ...

Equifax Breach: Why I am not surprised
The Equifax breach, announced in September 2017, is said to potentially impact some 143 million ...

Are You Ready for Your Pen Test?
It is day three of a five-day penetration test engagement and we still don’t have all the ...

Cloud-Based Host Discovery Is Easier Than You Think!
During a recent conversation at DerbyCon it occurred to me that some security folks who are just ...

Wireless Attacking EAP-TTLS with Kali 2 and ALFA AWUS051NH
Is your corporate Wi-Fi as secure as you think it is? A common configuration for WPA Enterprise ...