Professionally Evil Blog
A blog by experts of penetration testing and other security assessments.
Twelve Days of ZAPmas - Day 12 - Testing a new Content-Security-Policy
What is the CSP? The Content-Security-Policy (CSP) is a widely recommended control and is predominantly viewed as an anti cross-site scripting control. One of its core capabilities is restricting what remote resources your app can interact with, and in which contexts (e.g. loading an image in an ...
Learn more
Never miss a Professionally Evil update!

Twelve Days of ZAPmas - Day 9 - Automated Scanning and ATTACK mode
Automated scanning against an application is useful. It’s a faster and less labor-intensive way to ...
Learn more

Twelve Days of ZAPmas - Day 7 - API Testing with Postman and ZAP
If you’ve done any significant amount of API development, there’s a good chance you’ve used ...
Learn more

Twelve Days of ZAPmas - Day 5 - Scope and Contexts
Normally I don’t like having my interception proxy hide out-of-scope traffic. Doing so creates a ...
Learn more