Professionally Evil Blog

A blog by experts of penetration testing and other security assessments.
    Quick Bites Ep 4 - Let's Talk About SSRF, Baby!
    Let’s talk about you and (application) secur-i-ty! Let’s talk about all the good things and the bad ...
    Why your application needs a Content Security Policy (And How to Build One)
    As a web application owner, it is crucial to understand the concept of a content security policy ...
    Quick Bites Episode 2 - HTTP Security Headers and Why You NEED Them
    Hi everybody! So, after some feedback about the last “quick” Quick Bites (thanks Josh!), I’ve ...
    Waving the White Flag: Why InfoSec should stop caring about HTTPOnly
    As a company that is constantly working with our penetration testing clients on understanding ...
    How I Became a Security Consultant: AbsoluteAppsec Interview
    Every so often, podcasts and such will invite me to speak on a variety of topics. And this week, I ...