Security

Professionally Evil CISSP Certification: Breaking the Bootcamp Model

ISC2 describes the CISSP as a way to prove “you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program”. It is one of the primary certifications used as a stepping stone in your cybersecurity career. Traditionally, students have two different options to gain this certification: self-study or a bootcamp. Both …

Compliance is not Security

Many folks get confused about the difference between security and compliance. Many, especially those less technically inclined, assume that fulfilling compliance obligations sufficiently addresses security. Unfortunately, that’s not true as demonstrated by the continuing rise of security breaches each year. In this post, I’ll briefly explain the difference between security and compliance, and then outline …

Professionally Evil Web Application Security Class Live in Charlotte NC

Are you a developer who wants to better understand web application security? Are you a security practitioner who needs to delve into web app penetration testing? Well, now you have your chance! Come and learn how to hack web applications and services from our Professionally Evil experts! Secure Ideas is excited to announce the latest in our course …

Professionally Evil Web App Pen Testing 101 Course

UPDATE: Updated the done steps below. Also changed the links from S3 to Git. Since our founding in 2010, Secure Ideas has always tried to focus on education and increasing the amount of available knowledge in our field. As such, we have contributed to courses, presented at conferences around the world and contributed to open …

Installing Splunk: First stop on the road to log analysis

First things first: What is Splunk and why do I want or need it? The short answer is Splunk is a data analytics tool that indexes system logs across different machines and appliances so that they’re searchable. Data analysis, event monitoring, compliance, and overall management oversight can be gleaned from this tool. Splunk takes …

CORS Global Policy

I recently noticed an uptick in Cross-Origin Resource Sharing (CORS) findings showing up in automated scanning tools, which would not have been a significant concern except for the fact that the tools were rating this as a relatively “high” severity and very few people I asked about it seemed to have any idea what it …

