Professionally Evil Blog
A blog by experts of penetration testing and other security assessments.
Professionally Evil Insights: 2015
Are you interested in knowing which vulnerabilities are the most commonly discovered in penetration ...

Five Outdated Security Excuses
The Security Industry as a whole has been known to criticize businesses large and small with ...

Introducing Burp Correlator!
This one is for you web penetration testers! This new Burp extension is designed to help with ...
Practical Pentest Advice from PCI
The PCI Security Standards Council released a Penetration Testing Guidance information supplement ...

Tip: Running BurpSuite on a Mac
Here’s a quick tip I use to save some time when spinning up Burp Suite on a Mac. I use Burp Suite ...
And Now... Introducing: Burp BS!
Burp BS… where the “BS” stands for BeanShell. “What on earth is BeanShell?” you may ask? ...

MobiSec 2.0 Awesomeness Unleashed!
MobiSec has undergone a major reconstruction and version 2.0 (actually 2.0.1) is now available for ...
Don't Forget the Little Things!
On January 31st, Deusen disclosed what was described as a Same Origin Policy Bypass flaw called ...
CarolinaCon 11 Slides for Anatomy of Web Client Attack
For those who have asked – my slide deck for Anatomy of Web Client Attacks can be downloaded here. ...
Adventures in LDAP Injection: Exploiting and Fixing
Every pen tester looks forward to that next encounter that includes one of those uncommon ...

Web Penetration Testing with Burp and CO2
Start 2015 right with a free web session to learn all about the Burp CO2 plugin! This training ...

Burp CO2 now sports some Laudanum Scripts!
There have been a number of updates to the Burp CO2 extension suite over the past couple of months ...