Professionally Evil Blog
A blog by experts of penetration testing and other security assessments.
Testing, open source, web penetration testing, OWASP, mobile application, web application security, API
ZAPmas Feedback
Sometimes Christmas comes early, and in this case for me it was the publication of the Twelve Days of ZAPmas blog posts by Mic Whitehorn-Gillam. If you have not read them yet then please do - they are a great introduction to ZAP and provide what I think is a very fair and balanced comparison to ...

Twelve Days of ZAPmas - Day 11 - ZAP impressions from a Burp user
It probably seems a bit odd to do this on Day 11 and not at the end of the series, but I have one ...

Twelve Days of ZAPmas - Day 10 - Manual Web App Testing Unproxied
Most of the time, proxying the browser doesn’t present any sort of trouble. You should be able to ...

Twelve Days of ZAPmas - Day 4 - Fuzzing for Injection
I briefly introduced fuzzing earlier in the series, citing it as the second primitive upon which ...

Twelve Days of ZAPmas - Day 1 - Setting Up ZAP
This holiday season, I’m going to run down some of the ins and outs of working with OWASP Zed ...
Coming Soon - Twelve Days of ZAPmas
In December of 2018, I published a twelve-day series of cross-site scripting tips, tricks, and ...

Quick Bites Ep 4 - Let's Talk About SSRF, Baby!
Let’s talk about you and (application) secur-i-ty! Let’s talk about all the good things and the bad ...

Training | security | samuraiWTF | web penetration testing | information security | security awareness | application security | professionally evil | Secure Ideas | hacking | cybersecurity | pentesting | web application security | technology | security conference
Wild West Hackin Fest 2022: The Return
Man, San Diego is beautiful. I don't know exactly why John Strand and Black Hills Information ...
Testing | developers | QA | security | testers | web penetration testing
ViewState XSS: What's the Deal?
As penetration testers, there are many different technologies that we have to be familiar with. ...
Testing ASP.Net WebForms: Request Method Validation
As a professional penetration tester, there are many features of an application that are similar ...