Client Portal
Contact Us

Professionally Evil Blog

A blog by experts of penetration testing and other security assessments.
    Featured Image
    Understanding Server-Side Template Injection (SSTI)
    Testing |  Training |  QA |  web penetration testing |  penetration testing |  application security |  OWASP |  web application security |  methodology |  OWASP Top 10
    Web applications play a vital role in delivering dynamic content to users. To achieve this, developers often utilize server-side templates, which provide a powerful and consistent way to generate dynamic web pages. However, along with this power comes the risk of Server-Side Template Injection ...
    Continue Reading

    Never miss a Professionally Evil update!

    Sign Up For Our Newsletter
    Introducing SamuraiWTF 5.3: A Powerhouse for Web App Pen Testing
    Introducing SamuraiWTF 5.3: A Powerhouse for Web App Pen Testing
    Testing  |  Training  |  samuraiWTF  |  web penetration testing  |  application security  |  professionally evil  |  Secure Ideas  |  hacking  |  OWASP  |  Project
    We are thrilled to announce the release of SamuraiWTF (Web Training Framework) version 5.3! This ...
    Continue Reading
    ZAPmas Feedback
    ZAPmas Feedback
    Sometimes Christmas comes early, and in this case for me it was the publication of the Twelve Days ...
    Continue Reading
    Twelve Days of ZAPmas - Day 11 - ZAP impressions from a Burp user
    Twelve Days of ZAPmas - Day 11 - ZAP impressions from a Burp user
    It probably seems a bit odd to do this on Day 11 and not at the end of the series, but I have one ...
    Continue Reading
    Twelve Days of ZAPmas - Day 10 - Manual Web App Testing Unproxied
    Twelve Days of ZAPmas - Day 10 - Manual Web App Testing Unproxied
    Most of the time, proxying the browser doesn’t present any sort of trouble. You should be able to ...
    Continue Reading
    Twelve Days of ZAPmas - Day 4 - Fuzzing for Injection
    Twelve Days of ZAPmas - Day 4 - Fuzzing for Injection
    I briefly introduced fuzzing earlier in the series, citing it as the second primitive upon which ...
    Continue Reading
    Twelve Days of ZAPmas - Day 1 - Setting Up ZAP
    Twelve Days of ZAPmas - Day 1 - Setting Up ZAP
    This holiday season, I’m going to run down some of the ins and outs of working with OWASP Zed ...
    Continue Reading
    Coming Soon - Twelve Days of ZAPmas
    Coming Soon - Twelve Days of ZAPmas
    In December of 2018, I published a twelve-day series of cross-site scripting tips, tricks, and ...
    Continue Reading
    Quick Bites Ep 4 - Let's Talk About SSRF, Baby!
    Quick Bites Ep 4 - Let's Talk About SSRF, Baby!
    Let’s talk about you and (application) secur-i-ty! Let’s talk about all the good things and the bad ...
    Continue Reading
    Wild West Hackin Fest 2022: The Return
    Wild West Hackin Fest 2022: The Return
    Man, San Diego is beautiful.  I don't know exactly why John Strand and Black Hills Information ...
    Continue Reading
    ViewState XSS: What's the Deal?
    ViewState XSS: What's the Deal?
    Testing  |  developers  |  QA  |  security  |  testers  |  web penetration testing
      As penetration testers, there are many different technologies that we have to be familiar with.  ...
    Continue Reading
    Testing ASP.Net WebForms: Request Method Validation
    Testing ASP.Net WebForms: Request Method Validation
      As a professional penetration tester, there are many features of an application that are similar ...
    Continue Reading
    1 2