Professionally Evil Insights

Welcome to the Professionally Evil Insights blog by Secure Ideas! In this digital playground, we unravel the complex world of information security with a touch of fun. Our expert-led content ranges from deep-dives into penetration testing to explorations of hardware hacking. Whether you're curious about Secure Ideas or passionate about cybersecurity, this blog is your quick, enlightening, and entertaining guide into the captivating world of information security.

Welcome aboard!

Understanding Server-Side Template Injection (SSTI)

Web applications play a vital role in delivering dynamic content to users. To achieve this, developers often utilize server-side templates, which provide a powerful and consistent way to generate dynamic web pages. However, along with this power comes the risk of Server-Side Template Injection ...

Never miss a Professionally Evil update!

Introducing SamuraiWTF 5.3: A Powerhouse for Web App Pen Testing

We are thrilled to announce the release of SamuraiWTF (Web Training Framework) version 5.3! This ...

ZAPmas Feedback

Sometimes Christmas comes early, and in this case for me it was the publication of the Twelve Days ...

Twelve Days of ZAPmas - Day 11 - ZAP impressions from a Burp user

web penetration testing | Burp Suite | OWASP | web application security

It probably seems a bit odd to do this on Day 11 and not at the end of the series, but I have one ...

Twelve Days of ZAPmas - Day 10 - Manual Web App Testing Unproxied

web penetration testing | OWASP | web application security

Most of the time, proxying the browser doesn’t present any sort of trouble. You should be able to ...

Twelve Days of ZAPmas - Day 4 - Fuzzing for Injection

web penetration testing | application security | web application security | how-to

I briefly introduced fuzzing earlier in the series, citing it as the second primitive upon which ...

Twelve Days of ZAPmas - Day 1 - Setting Up ZAP

web penetration testing | application security | OWASP | web application security | how-to

This holiday season, I’m going to run down some of the ins and outs of working with OWASP Zed ...

Coming Soon - Twelve Days of ZAPmas

Training | web penetration testing | application security | web application security

In December of 2018, I published a twelve-day series of cross-site scripting tips, tricks, and ...

Quick Bites Ep 4 - Let's Talk About SSRF, Baby!

web penetration testing | web application security | SSRF | exploits

Let’s talk about you and (application) secur-i-ty! Let’s talk about all the good things and the bad ...

Wild West Hackin Fest 2022: The Return

Man, San Diego is beautiful. I don't know exactly why John Strand and Black Hills Information ...

ViewState XSS: What's the Deal?

As penetration testers, there are many different technologies that we have to be familiar with. The ...

Testing ASP.Net WebForms: Request Method Validation

Testing | security | web penetration testing

As a professional penetration tester, there are many features of an application that are similar ...

1 2