Professionally Evil Blog

A blog by experts of penetration testing and other security assessments.
    Twelve Days of ZAPmas - Day 12 - Testing a new Content-Security-Policy
    Twelve Days of ZAPmas - Day 12 - Testing a new Content-Security-Policy
    What is the CSP? The Content-Security-Policy (CSP) is a widely recommended control and is ...
    Learn more
    Twelve Days of ZAPmas - Day 9 - Automated Scanning and ATTACK mode
    Twelve Days of ZAPmas - Day 9 - Automated Scanning and ATTACK mode
    Automated scanning against an application is useful. It’s a faster and less labor-intensive way to ...
    Learn more
    Twelve Days of ZAPmas - Day 7 - API Testing with Postman and ZAP
    Twelve Days of ZAPmas - Day 7 - API Testing with Postman and ZAP
    If you’ve done any significant amount of API development, there’s a good chance you’ve used ...
    Learn more
    Twelve Days of ZAPMAS - Day 6 - Passive Flaw Detection and Using the HUD
    Twelve Days of ZAPMAS - Day 6 - Passive Flaw Detection and Using the HUD
    One of the awesome things about a security-focused interception proxy like ZAP is its ability to ...
    Learn more
    Twelve Days of ZAPmas - Day 5 - Scope and Contexts
    Twelve Days of ZAPmas - Day 5 - Scope and Contexts
    Normally I don’t like having my interception proxy hide out-of-scope traffic. Doing so creates a ...
    Learn more
    Twelve Days of ZAPmas - Day 4 - Fuzzing for Injection
    Twelve Days of ZAPmas - Day 4 - Fuzzing for Injection
    I briefly introduced fuzzing earlier in the series, citing it as the second primitive upon which ...
    Learn more
    Twelve Days of ZAPmas - Day 3 - CYA (Cover Your Auth)
    Twelve Days of ZAPmas - Day 3 - CYA (Cover Your Auth)
    Access control is one of the crucial elements to application security. The vast majority of ...
    Learn more
    Twelve Days of ZAPmas - Day 2 - The Edge of Tomorrow
    Twelve Days of ZAPmas - Day 2 - The Edge of Tomorrow
    Day 2 - The Edge of Tomorrow - Replaying and Tampering with Requests Fuzzing and tampering are like ...
    Learn more
    Twelve Days of ZAPmas - Day 1 - Setting Up ZAP
    Twelve Days of ZAPmas - Day 1 - Setting Up ZAP
    This holiday season, I’m going to run down some of the ins and outs of working with OWASP Zed ...
    Learn more
    Coming Soon - Twelve Days of ZAPmas
    In December of 2018, I published a twelve-day series of cross-site scripting tips, tricks, and ...
    Learn more
    JuiceShop Workshop in less than 5 minutes
    Have you ever deployed 10-30 containers in AWS with the single stroke of a key? (well if you don’t ...
    Learn more
    How to Obfuscate Strings in Rust the Easy Way Using the litcrypt Crate
    How to Obfuscate Strings in Rust the Easy Way Using the litcrypt Crate
    Overview Static strings in a binary can make the life easier for reverse engineers, be those ...
    Learn more