Professionally Evil Blog

A blog by experts of penetration testing and other security assessments.
    ZAPmas Feedback
    Sometimes Christmas comes early, and in this case for me it was the publication of the Twelve Days of ZAPmas blog posts by Mic Whitehorn-Gillam. If you have not read them yet then please do - they are a great introduction to ZAP and provide what I think is a very fair and balanced comparison to ...
    Learn more

    Never miss a Professionally Evil update!

    12 Days of ZAPmas - Day 12 Testing a new Content-Security-Policy
    12 Days of ZAPmas - Day 12 Testing a new Content-Security-Policy
    What is the CSP? The Content-Security-Policy (CSP) is a widely recommended control and is ...
    Learn more
    ViewState XSS: What's the Deal?
      As penetration testers, there are many different technologies that we have to be familiar with.  ...
    Learn more
    Testing ASP.Net WebForms: Request Method Validation
      As a professional penetration tester, there are many features of an application that are similar ...
    Learn more