Professionally Evil Blog
A blog by experts of penetration testing and other security assessments.
Testing,
open source,
web penetration testing,
OWASP,
mobile application,
web application security,
API
ZAPmas Feedback
Sometimes Christmas comes early, and in this case for me it was the publication of the Twelve Days of ZAPmas blog posts by Mic Whitehorn-Gillam. If you have not read them yet then please do - they are a great introduction to ZAP and provide what I think is a very fair and balanced comparison to ...
Learn more
Never miss a Professionally Evil update!

12 Days of ZAPmas - Day 12 Testing a new Content-Security-Policy
What is the CSP? The Content-Security-Policy (CSP) is a widely recommended control and is ...
Learn more

Testing |
Vulnerability |
Guidance |
data breach |
information security |
penetration testing |
application security |
professionally evil |
Secure Ideas |
hacking |
best practices |
cybersecurity |
Privilege Escalation
Application Security 202: Vulnerabilities Accepted
vul·ner·a·bil·i·ty The quality or state of being exposed to the possibility of being attacked or ...
Learn more
Testing |
developers |
QA |
security |
testers |
web penetration testing
ViewState XSS: What's the Deal?
As penetration testers, there are many different technologies that we have to be familiar with. ...
Learn more
Testing ASP.Net WebForms: Request Method Validation
As a professional penetration tester, there are many features of an application that are similar ...
Learn more