• 30 Apr 2021

    Networked IP cameras as vulnerable as ever…no excuses these days.

    You've likely heard the news about security cameras being vulnerable to exploits like what was covered in this piece: https://threatpost.com/breach-verkada-security-camera-tesla-cloudflare/164635/ I feel like I'm always talking in circles when it comes to security...stop repeating history, focus on the basics, do what you know needs to be done...It's especially true for vulnerabilities in network security cameras. A little over nine years ago I wrote about this problem with cameras that I ...

    Continue Reading...
  • 05 Dec 2016

    Using NowSecure for automated mobile app testing

    As an independent information security consultant, I'm always looking for good testing tools to rely on for my work. These tools, such as vulnerability scanners, network analyzers/proxies, and related manual analysis tools, are not the be-all-end-all answer for uncovering security weaknesses, but they are a very important aspect of what I do. Be it more generic vulnerability scans, a targeted penetration test, or a broader, more in-depth, security assessment, I ...

    Continue Reading...
  • 18 Aug 2014

    A resource to help with PCI DSS 3.0’s penetration testing methodology requirements

    PCI DSS has been getting a lot of buzz lately and the latest version 3.0 will continue gaining momentum until the many small and medium-sized businesses get their arms around the new requirements. Of particular interest is the updated requirement 11.3 (below) which is much more prescriptive on how to find the actual security flaws that matter. I've always believe that you can't secure what you don't acknowledge...PCI DSS 3.0 ...

    Continue Reading...
  • 14 May 2014

    Web security vulnerability testing and management resources you need

    Here are some recent pieces I've written that can make or break your success in information security: - See more at: http://securityonwheels.blogspot.com/#sthash.YEhOcnEF.dpufHere are some recent pieces I've written that can make or break your success in information security: - See more at: http://securityonwheels.blogspot.com/#sthash.YEhOcnEF.dpufHere are some recent pieces I've written that can make or break your success in information security: - See more at: http://securityonwheels.blogspot.com/#sthash.YEhOcnEF.dpufHere are some recent pieces I've written ...

    Continue Reading...
  • 31 Jan 2014

    Some stuff you need to know about Windows 8.x, Internet Explorer, BYOD/MDM, and malware removal

    My goodness, I've let a lot of my articles on Windows 8, 8.1, patching, malware, and related desktop security topics stack up! Check these out:Don't ignore Windows 8 security when reviewing desktop vulnerabilitiesIT can tackle Windows configuration with a well-planned desktop auditWindows Server Update Services weaknesses you may not know about <=this is BIG, seriously!Why a Windows security scan is not enough to protect your workstationsFive steps to successful bot ...

    Continue Reading...
  • 18 May 2013

    Web security answers are changing – a frustrating, challenging, and humbling journey

    In reading one of Brian Tracy's books, Brian discusses a story of Albert Einstein and an exam he gave to his graduate physics class at Princeton University. After the exam, Dr. Einstein was approached by a student who asked: "Dr. Einstein, wasn't that the same exam that you gave to this physics class last year?" Dr. Einstein replied "Yes, it was the same exam as last year." The student then ...

    Continue Reading...
  • 21 Jan 2013

    Student information systems rife with security flaws

    Here's an interesting story from Slashdot today about a college student being expelled after pointing out flaws in his college's student information system.What he's seeing is no surprise. Starting with my days working for IBM's EduQuest division, for the past 20 years or so I've seen numerous K-12 and higher education student information systems chock full of security flaws. Stupid, silly security flaws like SQL injection, cross-site request forgery, URL ...

    Continue Reading...
  • 26 Nov 2012

    Fix for painful authenticated web vulnerability scans requiring MFA

    Authenticated web security scans are one of the most frustrating parts of web security assessments. I mean they're downright painful, oftentimes seemingly impossible - especially if multi-factor authentication (MFA) technology is in use. Yet authenticated scans are critically important. It's scary how many times I uncover serious flaws (i.e. SQL injection) while logged-in as a typical user of a web site/application. That is if I can get my web vulnerability ...

    Continue Reading...
  • 25 Sep 2012

    Be it in healthcare or infosec, the short term is for losers

    With all the doctor & hospital visits I've gone (and am still going) through with family members in the past few years, I've come to the conclusion that many (most?) healthcare providers - especially those smart doctors society holds on a pedestal - absolutely cannot see the big picture. They can't think past the appointment time slot in which they're currently working, much less next year and beyond.Adding to the ...

    Continue Reading...
  • 09 Jul 2012

    What NTOSpider offers the appsec world

    I feel like I've said it a million times: you cannot rely on just one Web vulnerability scanner. There are simply too many vendors doing too many checks across too many websites and applications. The complexity of what needs to be tested is enormous not to mention the quality of the Web vulnerability scanners on the market (tip: you get what you pay for). Well, NTObjectives' NTOSpider is a perfect ...

    Continue Reading...

A word about Kevin from well-known success expert Brian Tracy:

Resources

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:


Hacking For Dummies, 8th edition penetration testing book

Tags

AI appsec basics books Career Networking careers censorship cervical instability CIO compliance coronavirus covid-19 cybersecurity data breaches discipline eagle syndrome hacking Hacking For Dummies health helmet communications incident response keynote speaker leadership NCAA football networking outsourcing passwords policy enforcement Power Four rare diseases resilience Russian hacking security security leadership security speaker social engineering speaking engagements tethered spinal cord tiktok time management underimplemented vulnerability and penetration testing web security willingness zero-based thinking

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.