Professionally Evil Insights

Welcome to the Professionally Evil Insights blog by Secure Ideas! In this digital playground, we unravel the complex world of information security with a touch of fun. Our expert-led content ranges from deep-dives into penetration testing to explorations of hardware hacking. Whether you're curious about Secure Ideas or passionate about cybersecurity, this blog is your quick, enlightening, and entertaining guide into the captivating world of information security.

Welcome aboard!

    What are SQL Injection Vulnerability (SQLi), How to Identify Them, and How to Prevent
    Recently, the FBI and CISA released a Secure by Design alert calling for the elimination of SQL injection vulnerabilities. This classification of vulnerabilities has been known about since the early 2000’s and effective defenses were released a few years after. Despite over 20 years of knowing ...

    Being Safe and Secure with Cross-Origin Messaging
    security  |  JavaScript  |  application  |  web  |  cross-origin
    Complex web and mobile apps often depend on cross-domain interactions between different online ...
    QB 10 – Half Shells and Full Shells
    hacking  |  pentesting  |  shell  |  Quick Bites  |  reverse shells  |  terminal  |  python  |  python3  |  netcat  |  command line  |  nc
    I wanted to share a really cool technique that I found out about recently. Now I will say this is ...
    Intro to NMAP
    My journey into cybersecurity has been anything but easy. This field offers a wide range of ...
    What does PCI require for Developer Training?
    Training  |  PCI  |  developers  |  application security  |  appsec
    The Payment Card Industry Security Standards Council (PCI SSC) defines compliance standards for all ...
    Mitigating Exploitation Risks in Active Directory Certificate Services
    A recent pentest of an Active Directory environment turned into a struggle to uncover an avenue for ...
    Everything You Need To Know About The Nist Cybersecurity Framework 2.0
    best practices  |  cybersecurity  |  government  |  CSF  |  cybersecurity standards  |  framework  |  NIST  |  profiles  |  tiers
    This week NIST released the highly anticipated update to the Cybersecurity Framework (CSF). Here’s ...
    Quick Bites 9 – Adventuring into the Unknown: The Hacker Subculture
    One of the really cool things about being a hacker is that we get to discover new things. It’s kind ...
    The reason I stopped using Postman for API Pentests
    I’ve been a proponent of Postman for a number of years. I’ve written and spoken about using it in ...