Professionally Evil Blog

A blog by experts of penetration testing and other security assessments.
    Quick Bites 7 - Dr. TamperMonkey (Or: How I Learned to Stop Worrying and Love JavaScript)
    We get really excited here at Secure Ideas about sharing knowledge with others.  Our mission ...
    Continue Reading
    Steam Deck Privacy and Security
    security  |  Gaming  |  Privacy
    Like any portable computing device, there are going to be questions about privacy and security.  ...
    Continue Reading
    ZAPmas Feedback
    Sometimes Christmas comes early, and in this case for me it was the publication of the Twelve Days ...
    Continue Reading
    12 Days of ZAPmas - Day 12 Testing a new Content-Security-Policy
    What is the CSP? The Content-Security-Policy (CSP) is a widely recommended control and is ...
    Continue Reading
    Twelve Days of ZAPmas - Day 11 - ZAP impressions from a Burp user
    It probably seems a bit odd to do this on Day 11 and not at the end of the series, but I have one ...
    Continue Reading
    Twelve Days of ZAPmas - Day 10 - Manual Web App Testing Unproxied
    Most of the time, proxying the browser doesn’t present any sort of trouble. You should be able to ...
    Continue Reading
    Twelve Days of ZAPmas - Day 9 - Automated Scanning and ATTACK mode
    application security  |  OWASP  |  automation  |  scanning
    Automated scanning against an application is useful. It’s a faster and less labor-intensive way to ...
    Continue Reading
    Twelve Days of ZAPmas - Day 8 - Spidering
    Spidering is an automated process that recursively finds and follows all the navigation from an ...
    Continue Reading
    Twelve Days of ZAPmas - Day 7 - API Testing with Postman and ZAP
    application security  |  OWASP  |  API
    If you’ve done any significant amount of API development, there’s a good chance you’ve used ...
    Continue Reading
    Twelve Days of ZAPMAS - Day 6 - Passive Flaw Detection and Using the HUD
    One of the awesome things about a security-focused interception proxy like ZAP is its ability to ...
    Continue Reading
    Twelve Days of ZAPmas - Day 5 - Scope and Contexts
    Normally I don’t like having my interception proxy hide out-of-scope traffic. Doing so creates a ...
    Continue Reading

    Never miss a professionally evil update!