• 06 Feb 2012

    My new material on Web application & website security

    Here are several new pieces I've written on Web site/application security. Lots of angles and considerations:
      - There’s more to web security than meets the eye
      - Web passwords are often the weakest link
      - To validate or not, is that the question?
      - Protecting FTP services running on your Web server
      - The critical Web-based systems that are going untested and unsecured
      - Good Web Security Tools and Why They Matter
      - Why you need intruder lockout
      - Web security is like the layers of ...
  • 16 Dec 2011

    AlgoSec & what happens when you don’t look for flaws from every angle

    I recently had the opportunity to see how well AlgoSec's Firewall Analyzer performs in a real-world security assessment. Long story short, Firewall Analyzer found a weak password on an Internet-facing firewall that would've gone undetected otherwise. A traditional vulnerability scanner didn't find it, nor did two different Web vulnerability scanners. Nothing was uncovered via manual analysis either. Only AlgoSec's Firewall Analyzer found the weakness...no doubt a flaw that would've been exploited ...
  • 15 Dec 2011

    Going green’s tie-in with infosec

    If you've been following my blog and my principles for even a short period of time you've probably figured out that I pull no punches when it comes to personal responsibility and limited government. There's hardly anywhere I'm more passionate in this regard than the marketing smoke and mirrors of "Going Green" and the religion of "global warming". I should say "climate change"; that covers warming and cooling for the ...
  • 21 Nov 2011

    Don’t turn a blind eye on the basics

    I'm all about shoring up the basics of Web security before throwing money at the situation. If you're interested in saving not only money but also time and effort, here are some new pieces I've written on Web security that you may be interested in:
      - Explaining the why of Web application security
      - Improving Web security by working with what you’ve got
      - Not all Web vulnerability scans are created equal
      - Why ...
  • 04 Sep 2011

    DNS hack: UPS, National Geographic, Acer, etc. websites affected

    Happy (almost) Labor Day...here's the latest from the criminal hackers: a DNS hack has redirected numerous websites of UPS, National Geographic, Acer, The Register and more. Nice. Betcha it was some low-hanging fruit someone, somewhere overlooked....
  • 08 Jun 2011

    Weiner fallout: “I got hacked” is the new scapegoat

    I recently met up with some technology lawyer colleagues after work and we shared our thoughts on the Anthony Weiner "incident". We were talking about how early on in the saga no one but Weiner and the lucky recipients of his tweets really knew what the truth was. Predictably, as we're seeing and hearing more and more these days, Weiner came out and said "I was hacked. It happens to ...
  • 25 May 2011

    Web appsec compliance & low-hanging fruit – it’s all up to us!

    Here are some recent pieces I wrote on Web application security common sense for my colleagues at Acunetix that you may be interested in:
      - But Compliance is Someone Else’s Job!
      - Low-hanging fruit becomes big news with the 2011 Verizon Data Breach report
      - Going Beyond Confirmed Web Security Flaws
    Enjoy! As always, be sure to check out www.principlelogic.com/resources.html for links to my 500+ articles, whitepapers, podcasts, webcasts, books and more....
  • 04 May 2011

    From culture to products to malware to breaches – where do you stand?

    Here are some new opinion pieces on information security management that I wrote for Security Technology Executive magazine that you may be interested in:
      - Don’t end up on the wrong side of a data breach
      - Fighting the malware fight all over again
      - 9 good reasons not to buy information security products
      - Security best practices without question?
      - How's your security culture?
    Enjoy! As always, be sure to check out www.principlelogic.com/resources.html for links to all of my information security ...
  • 04 May 2011

    SecureWorld Expo better than ever

    I attended this week's SecureWorld Expo in Atlanta and must say that the show is better now than ever before. I cut my professional speaking teeth with these guys, speaking at dozens of their events between 2003 and 2007. I've taken some time off since, but going back and seeing some of the same friendly faces brought back good memories. The best session I attended was William Hugh Murray's keynote on ...
  • 17 Feb 2011

    Are you focusing on the infosec basics where it counts?

    Here's a good read from @arstechnica on the HBGary story. It's a fascinating story in and of itself. But the oversights related to information security "best practices" are amazing. What is it going to take to get people to focus on the basics? Seriously, folks...Forget about all the fancy hack attacks and complex exploits for now and fix the low-hanging fruit. It's basic triage - stop the bleeding first. Focus ...