Professionally Evil Blog
A blog by experts of penetration testing and other security assessments.
The first step in securing any organization is to understand what you have. Unless you have a strong understanding of the systems and services on your network, you have no hope of keeping it both secure and usable. You could implement extremely strong controls to lock down everything, but then ...
10 Tips for Engaging a Security Services Vendor
The Information Security market brought in an estimated $167 billion in 2019 and that’s expected ...
How to Test Your Security Controls for Small/Medium Businesses
We often get contacted by small businesses requesting their first penetration test because of ...
Compliance is not Security
Many folks get confused about the difference between security and compliance. Many, especially ...
Silencing Firefox's Chattiness for Web App Testing
Firefox is one chatty browser! Even if you don’t actually use it for anything, it’s constantly ...
Checking Under the Bed
I’ve got four kids and part of their chores involve cleaning up their bedrooms. Inevitably, their ...
These Aren't the Password Guidelines You're Looking For
“You don’t need to see his identification.” It’s a classic line. With a flick of the wrist old ...
Protecting your Kids from Online Threats
“The greatest gifts you can give your children are the roots of responsibility and the wings of ...
Hours After The Penetration Test, This CSO Revealed Something That Will Leave You In Tears
We all recognize clickbait when we see it. And yet thousands still click on the links. In today’s ...
Whose Code Are You Running?
One of my favorite ways to eat Oreo cookies is to twist the two halves apart, carefully set the ...
We're Just Like the NSA, and Nothing Like Them
During penetration tests, and especially scoping calls, we often get quizzed about what secret, ...
Introduction to Metasploit Video
The Metasploit Framework is a key resource for security assessors. Whether your goal is to ...