Professionally Evil Blog
A blog by experts of penetration testing and other security assessments.
What happened to CVE-2022-23529? And what can we learn from it?
If you saw the disclosure notice for the flaw CVE-2022-23529, it would have been presented as a remote code execution flaw (via JWT secret poisoning) in the `jwt.verify` method of a main Node.js package for working with JSON Web Tokens (JWTs). The package in question is Auth0’s node_jsonwebtoken ...
Tags: Vulnerability | developers | security | open source | information security | application security | hacking
Digging Between the Couch Cushions - CouchDB CVE-2021-38295 Breakdown
Introduction In this blog post we’re going to take a look at the recent CouchDB vulnerability, ...
Tags: Testing | developers | QA | security | testers | web penetration testing
ViewState XSS: What's the Deal?
As penetration testers, there are many different technologies that we have to be familiar with. ...
Tags: developers | QA | security | testers
How to Setup RatProxy on Windows
In an effort to help developers and other Windows users get started adding security testing into ...