Professionally Evil Blog

A blog by experts of penetration testing and other security assessments.
    Twelve Days of ZAPmas - Day 7 - API Testing with Postman and ZAP
    If you’ve done any significant amount of API development, there’s a good chance you’ve used ...
    Twelve Days of ZAPMAS - Day 6 - Passive Flaw Detection and Using the HUD
    One of the awesome things about a security-focused interception proxy like ZAP is its ability to ...
    Twelve Days of ZAPmas - Day 5 - Scope and Contexts
    Normally I don’t like having my interception proxy hide out-of-scope traffic. Doing so creates a ...
    Twelve Days of ZAPmas - Day 4 - Fuzzing for Injection
    I briefly introduced fuzzing earlier in the series, citing it as the second primitive upon which ...
    Twelve Days of ZAPmas - Day 3 - CYA (Cover Your Auth)
    Access control is one of the crucial elements to application security. The vast majority of ...
    Twelve Days of ZAPmas - Day 2 - The Edge of Tomorrow
    Day 2 - The Edge of Tomorrow - Replaying and Tampering with Requests Fuzzing and tampering are like ...
    Twelve Days of ZAPmas - Day 1 - Setting Up ZAP
    This holiday season, I’m going to run down some of the ins and outs of working with OWASP Zed ...
    Quick Bites Ep 6 - Good Hygiene is IMPORTANT, PEOPLE!
    So, I just missed a week of work because of the flu (it wasn’t COVID, I got tested). The flu SUCKS. ...
    How to iterate through advfirewall rules
        There are several ways to pull firewall information from a Windows system.  Today we will ...
    Introduction to Writing Nmap Scripting Engine (NSE) Scripts
    One thing I notice a lot of people are missing in their skill set as security professionals is the ...
    Quick Bites Ep 5 - The Call Is Coming From INSIDE THE HOUSE
    Man, I’ll be honest - I’m super excited to be doing a Halloween-themed blog post this year.  So, ...
    Working With Data: IP and Port Filtering
      During our day-to-day work, there’s a lot of data that we interact with.  In order to make good ...
