Client Portal
Contact Us

Professionally Evil Insights

Welcome to the Professionally Evil Insights blog by Secure Ideas! In this digital playground, we unravel the complex world of information security with a touch of fun. Our expert-led content ranges from deep-dives into penetration testing to explorations of hardware hacking. Whether you're curious about Secure Ideas or passionate about cybersecurity, this blog is your quick, enlightening, and entertaining guide into the captivating world of information security.

Welcome aboard!

    Featured Image
    What happened to CVE-2022-23529? And what can we learn from it?
    Vulnerability |  developers |  information security |  analysis
    If you saw the disclosure notice for the flaw CVE-2022-23529, it would have been presented as a remote code execution flaw (via JWT secret poisoning) in the jwt.verify method of a main Node.js package for working with JSON Web Tokens (JWTs). The package in question is Auth0’s node_jsonwebtoken ...
    Continue Reading

    Never miss a Professionally Evil update!

    Sign Up For Our Newsletter
    12 Days of ZAPmas - Day 12 Testing a new Content-Security-Policy
    12 Days of ZAPmas - Day 12 Testing a new Content-Security-Policy
    What is the CSP? The Content-Security-Policy (CSP) is a widely recommended control and is ...
    Continue Reading
    Twelve Days of ZAPmas - Day 11 - ZAP impressions from a Burp user
    Twelve Days of ZAPmas - Day 11 - ZAP impressions from a Burp user
    It probably seems a bit odd to do this on Day 11 and not at the end of the series, but I have one ...
    Continue Reading
    Twelve Days of ZAPmas - Day 10 - Manual Web App Testing Unproxied
    Twelve Days of ZAPmas - Day 10 - Manual Web App Testing Unproxied
    Most of the time, proxying the browser doesn’t present any sort of trouble. You should be able to ...
    Continue Reading
    Twelve Days of ZAPmas - Day 9 - Automated Scanning and ATTACK mode
    Twelve Days of ZAPmas - Day 9 - Automated Scanning and ATTACK mode
    application security  |  OWASP  |  automation  |  scanning
    Automated scanning against an application is useful. It’s a faster and less labor-intensive way to ...
    Continue Reading
    Twelve Days of ZAPmas - Day 8 - Spidering
    Twelve Days of ZAPmas - Day 8 - Spidering
    Spidering is an automated process that recursively finds and follows all the navigation from an ...
    Continue Reading
    Twelve Days of ZAPmas - Day 7 - API Testing with Postman and ZAP
    Twelve Days of ZAPmas - Day 7 - API Testing with Postman and ZAP
    application security  |  OWASP  |  API
    If you’ve done any significant amount of API development, there’s a good chance you’ve used ...
    Continue Reading
    Twelve Days of ZAPMAS - Day 6 - Passive Flaw Detection and Using the HUD
    Twelve Days of ZAPMAS - Day 6 - Passive Flaw Detection and Using the HUD
    One of the awesome things about a security-focused interception proxy like ZAP is its ability to ...
    Continue Reading
    Twelve Days of ZAPmas - Day 5 - Scope and Contexts
    Twelve Days of ZAPmas - Day 5 - Scope and Contexts
    Normally I don’t like having my interception proxy hide out-of-scope traffic. Doing so creates a ...
    Continue Reading
    Twelve Days of ZAPmas - Day 4 - Fuzzing for Injection
    Twelve Days of ZAPmas - Day 4 - Fuzzing for Injection
    I briefly introduced fuzzing earlier in the series, citing it as the second primitive upon which ...
    Continue Reading
    Twelve Days of ZAPmas - Day 3 - CYA (Cover Your Auth)
    Twelve Days of ZAPmas - Day 3 - CYA (Cover Your Auth)
    Access control is one of the crucial elements to application security. The vast majority of ...
    Continue Reading
    Twelve Days of ZAPmas - Day 2 - The Edge of Tomorrow
    Twelve Days of ZAPmas - Day 2 - The Edge of Tomorrow
    Day 2 - The Edge of Tomorrow - Replaying and Tampering with Requests Fuzzing and tampering are like ...
    Continue Reading
    1 2 3