Professionally Evil Insights

Welcome to the Professionally Evil Insights blog by Secure Ideas! In this digital playground, we unravel the complex world of information security with a touch of fun. Our expert-led content ranges from deep-dives into penetration testing to explorations of hardware hacking. Whether you're curious about Secure Ideas or passionate about cybersecurity, this blog is your quick, enlightening, and entertaining guide into the captivating world of information security.

Welcome aboard!

    The CISO's Myopia
    Fifteen years ago, I wrote an article entitled "The CSO’s Myopia." At the time, I aimed to highlight a critical limitation in information security management. I demonstrated how many information security professionals struggled to manage all the aspects needed to create effective policies and ...
    Continue Reading

    Never miss a Professionally Evil update!

    The reason I stopped using Postman for API Pentests
    I’ve been a proponent of Postman for a number of years. I’ve written and spoken about using it in ...
    Continue Reading
    CyberScream - Hacking Like a Ghost(face)
    consulting  |  data breach  |  penetration testing  |  professionally evil  |  hacking  |  analysis  |  cybersecurity  |  pentesting  |  phishing  |  security breach  |  exploits  |  Halloween  |  webcast
    It’s that most hauntingly wonderful time of year again! Halloween is upon us, along with the dread ...
    Continue Reading
    Navigating Evolving Regulations: Staying Ahead of Change
    In today's rapidly expanding business world, the only constant seems to be change itself. One of ...
    Continue Reading
    Understanding Server-Side Template Injection (SSTI)
    Web applications play a vital role in delivering dynamic content to users. To achieve this, ...
    Continue Reading
    Introducing BILE - Groundbreaking Classification for Web App
    As a seasoned web application penetration tester, I've always felt that there should be a more ...
    Continue Reading
    Introducing PETaaS: Professionally Evil Testing as a Service
    We're thrilled to announce the launch of our latest offering: Professionally Evil Testing as a ...
    Continue Reading
    Twelve Days of ZAPmas - Day 2 - The Edge of Tomorrow
    Day 2 - The Edge of Tomorrow - Replaying and Tampering with Requests Fuzzing and tampering are like ...
    Continue Reading
    What are the key requirements of the GLBA Safeguards Rule?
    The Gramm-Leach-Bliley Act (GLBA) contains the Safeguards Rule. This requires financial businesses ...
    Continue Reading
    Application Security 202: Vulnerabilities Accepted
    vul·ner·a·bil·i·ty The quality or state of being exposed to the possibility of being attacked or ...
    Continue Reading
    How to allow multiple RDP sessions
    The goal of this article is to walk through how to set up a Windows host to allow multiple remote ...
    Continue Reading