Professionally Evil Insights
Welcome to the Professionally Evil Insights blog by Secure Ideas! In this digital playground, we unravel the complex world of information security with a touch of fun. Our expert-led content ranges from deep-dives into penetration testing to explorations of hardware hacking. Whether you're curious about Secure Ideas or passionate about cybersecurity, this blog is your quick, enlightening, and entertaining guide into the captivating world of information security.
Welcome aboard!
Top 5 Security Considerations for a New Web App - 5. Establishing an Dependency Patching Plan
Welcome to our comprehensive series on the Top 5 Security Considerations for a New Web App. This post wraps up the series, focusing on Establishing a Dependency Patching Plan, and is part of a broader effort to equip developers, IT professionals, and web administrators with essential security ...
Continue Reading
Never miss a Professionally Evil update!
Top 5 Security Considerations for a New Web App - 4. Logging and Monitoring
Welcome to our comprehensive series on the Top 5 Security Considerations for a New Web App. This ...
Continue Reading
Top 5 Security Considerations for a New Web App - 3. Data Encryption and Protection
Welcome to my comprehensive series on the Top 5 Security Considerations for a New Web App. This ...
Continue Reading
Top 5 Security Considerations: 2. Authentication & Authorization
Welcome to my comprehensive series on the Top 5 Security Considerations for a New Web App. This ...
Continue Reading
Top 5 Security Considerations: 1. Secure Coding
Welcome to my comprehensive series on the Top 5 Security Considerations for a New Web App. For this ...
Continue Reading
Top 5 Security Considerations for a New Web App
There was a time when many folks responsible for building and deploying web applications were naive ...
Continue Reading
Being Safe and Secure with Cross-Origin Messaging
security |
JavaScript |
application |
web |
cross-origin
Complex web and mobile apps often depend on cross-domain interactions between different online ...
Continue Reading
The reason I stopped using Postman for API Pentests
I’ve been a proponent of Postman for a number of years. I’ve written and spoken about using it in ...
Continue Reading
Mission Imfuzzable: How to Fuzz Web Apps you can't Intercept
Introduction Fuzzing is a critical technique for finding vulnerabilities in web applications by ...
Continue Reading
What happened to CVE-2022-23529? And what can we learn from it?
If you saw the disclosure notice for the flaw CVE-2022-23529, it would have been presented as a ...
Continue Reading
12 Days of ZAPmas - Day 12 Testing a new Content-Security-Policy
What is the CSP? The Content-Security-Policy (CSP) is a widely recommended control and is ...
Continue Reading
Twelve Days of ZAPmas - Day 11 - ZAP impressions from a Burp user
It probably seems a bit odd to do this on Day 11 and not at the end of the series, but I have one ...
Continue Reading