Professionally Evil Insights
Welcome to the Professionally Evil Insights blog by Secure Ideas! In this digital playground, we unravel the complex world of information security with a touch of fun. Our expert-led content ranges from deep-dives into penetration testing to explorations of hardware hacking. Whether you're curious about Secure Ideas or passionate about cybersecurity, this blog is your quick, enlightening, and entertaining guide into the captivating world of information security.
Welcome aboard!
The Client-Side Security Trap: A Warning For Developers
application security |
SDLC |
framework |
Secure Development |
Software Development |
Secure Coding Practices |
client-side Security |
Content Security Policy |
Lifecycle |
Front-End Security
Considering the inherent complexities of modern web development, understanding the distinct roles of client-side and server-side functionalities is essential. The notion that client-side security controls can provide comprehensive protection without the support of server-side measures is ...
Continue Reading
Never miss a Professionally Evil update!
Quick Bites Episode 11 – Ranking Application Risks
application security |
hacking |
pentesting |
Quick Bites |
risk assessment |
appsec |
application risk |
ranking risk
Threats often evolve faster than defenders can figure out how to prevent them. That’s why keeping ...
Continue Reading
What does PCI require for Developer Training?
Training |
PCI |
developers |
application security |
appsec
The Payment Card Industry Security Standards Council (PCI SSC) defines compliance standards for all ...
Continue Reading
Mission Imfuzzable: How to Fuzz Web Apps you can't Intercept
Introduction Fuzzing is a critical technique for finding vulnerabilities in web applications by ...
Continue Reading
Understanding Server-Side Template Injection (SSTI)
Testing |
Training |
QA |
web penetration testing |
penetration testing |
application security |
OWASP |
web application security |
methodology |
OWASP Top 10
Web applications play a vital role in delivering dynamic content to users. To achieve this, ...
Continue Reading
Introducing SamuraiWTF 5.3: A Powerhouse for Web App Pen Testing
Testing |
Training |
samuraiWTF |
web penetration testing |
application security |
professionally evil |
Secure Ideas |
hacking |
OWASP |
Project
We are thrilled to announce the release of SamuraiWTF (Web Training Framework) version 5.3! This ...
Continue Reading
12 Days of ZAPmas - Day 12 Testing a new Content-Security-Policy
What is the CSP? The Content-Security-Policy (CSP) is a widely recommended control and is ...
Continue Reading
Twelve Days of ZAPmas - Day 9 - Automated Scanning and ATTACK mode
Automated scanning against an application is useful. It’s a faster and less labor-intensive way to ...
Continue Reading
Twelve Days of ZAPmas - Day 7 - API Testing with Postman and ZAP
If you’ve done any significant amount of API development, there’s a good chance you’ve used ...
Continue Reading
Twelve Days of ZAPMAS - Day 6 - Passive Flaw Detection and Using the HUD
One of the awesome things about a security-focused interception proxy like ZAP is its ability to ...
Continue Reading
Twelve Days of ZAPmas - Day 5 - Scope and Contexts
Normally I don’t like having my interception proxy hide out-of-scope traffic. Doing so creates a ...
Continue Reading
Twelve Days of ZAPmas - Day 4 - Fuzzing for Injection
I briefly introduced fuzzing earlier in the series, citing it as the second primitive upon which ...
Continue Reading
Has contents: true
Total pages: 3
Current page: 1