Professionally Evil Insights

Welcome to the Professionally Evil Insights blog by Secure Ideas! In this digital playground, we unravel the complex world of information security with a touch of fun. Our expert-led content ranges from deep-dives into penetration testing to explorations of hardware hacking. Whether you're curious about Secure Ideas or passionate about cybersecurity, this blog is your quick, enlightening, and entertaining guide into the captivating world of information security.

Welcome aboard!

    The Client-Side Security Trap: A Warning For Developers
    Considering the inherent complexities of modern web development, understanding the distinct roles of client-side and server-side functionalities is essential. The notion that client-side security controls can provide comprehensive protection without the support of server-side measures is ...
    Continue Reading

    Never miss a Professionally Evil update!

    Quick Bites Episode 11 – Ranking Application Risks
    application security  |  hacking  |  pentesting  |  Quick Bites  |  risk assessment  |  appsec  |  application risk  |  ranking risk
    Threats often evolve faster than defenders can figure out how to prevent them. That’s why keeping ...
    Continue Reading
    What does PCI require for Developer Training?
    Training  |  PCI  |  developers  |  application security  |  appsec
    The Payment Card Industry Security Standards Council (PCI SSC) defines compliance standards for all ...
    Continue Reading
    Mission Imfuzzable: How to Fuzz Web Apps you can't Intercept
    Introduction Fuzzing is a critical technique for finding vulnerabilities in web applications by ...
    Continue Reading
    Understanding Server-Side Template Injection (SSTI)
    Web applications play a vital role in delivering dynamic content to users. To achieve this, ...
    Continue Reading
    Introducing SamuraiWTF 5.3: A Powerhouse for Web App Pen Testing
    Testing  |  Training  |  samuraiWTF  |  web penetration testing  |  application security  |  professionally evil  |  Secure Ideas  |  hacking  |  OWASP  |  Project
    We are thrilled to announce the release of SamuraiWTF (Web Training Framework) version 5.3! This ...
    Continue Reading
    12 Days of ZAPmas - Day 12 Testing a new Content-Security-Policy
    What is the CSP? The Content-Security-Policy (CSP) is a widely recommended control and is ...
    Continue Reading
    Twelve Days of ZAPmas - Day 9 - Automated Scanning and ATTACK mode
    application security  |  OWASP  |  automation  |  scanning
    Automated scanning against an application is useful. It’s a faster and less labor-intensive way to ...
    Continue Reading
    Twelve Days of ZAPmas - Day 7 - API Testing with Postman and ZAP
    application security  |  OWASP  |  API
    If you’ve done any significant amount of API development, there’s a good chance you’ve used ...
    Continue Reading
    Twelve Days of ZAPMAS - Day 6 - Passive Flaw Detection and Using the HUD
    One of the awesome things about a security-focused interception proxy like ZAP is its ability to ...
    Continue Reading
    Twelve Days of ZAPmas - Day 5 - Scope and Contexts
    Normally I don’t like having my interception proxy hide out-of-scope traffic. Doing so creates a ...
    Continue Reading
    Twelve Days of ZAPmas - Day 4 - Fuzzing for Injection
    I briefly introduced fuzzing earlier in the series, citing it as the second primitive upon which ...
    Continue Reading