Professionally Evil Blog
A blog by experts of penetration testing and other security assessments.
What happened to CVE-2022-23529? And what can we learn from it?
If you saw the disclosure notice for the flaw CVE-2022-23529, it would have been presented as a remote code execution flaw (via JWT secret poisoning) in the `jwt.verify` method of a main Node.js package for working with JSON Web Tokens (JWTs). The package in question is Auth0’s node_jsonwebtoken ...

Dec 9, 2022
Tags: information security | penetration testing | CISSP | education | compliance | risk assessment | security controls | information security program | GLBA | Safeguards Rule | automotive | banking | vulnerability assessment
What are the key requirements of the GLBA Safeguards Rule?
The Gramm-Leach-Bliley Act (GLBA) contains the Safeguards Rule. This requires financial ...

Tags: Testing | Vulnerability | Guidance | data breach | information security | penetration testing | application security | professionally evil | Secure Ideas | hacking | best practices | cybersecurity | Privilege Escalation
Application Security 202: Vulnerabilities Accepted
vul·ner·a·bil·i·ty The quality or state of being exposed to the possibility of being attacked or ...

Tags: Training | security | samuraiWTF | web penetration testing | information security | security awareness | application security | professionally evil | Secure Ideas | hacking | cybersecurity | pentesting | web application security | technology | security conference
Wild West Hackin Fest 2022: The Return
Man, San Diego is beautiful. I don't know exactly why John Strand and Black Hills Information ...

Tags: Vulnerability | developers | security | open source | information security | application security | hacking
Digging Between the Couch Cushions - CouchDB CVE-2021-38295 Breakdown
Introduction In this blog post we’re going to take a look at the recent CouchDB vulnerability, ...