-
10 Jul 2012With all the recent hype and hoopla over Windows 8 and Server 2012, I thought I'd throw in my two cents into the Microsoft analysis arena...here are some recent pieces I've written that you may be interested in:Thoughts and considerations around the forthcoming System Center 2012 Configuration ManagerWhy the simple Windows 8 Metro interface may not benefit usersMicrosoft Security Compliance Manager enhances desktop securityA first look at Microsoft Office 15 ...
Continue Reading... -
09 Jul 2012
What NTOSpider offers the appsec world
I feel like I've said it a million times: you cannot rely on just one Web vulnerability scanner. There are simply too many vendors doing too many checks across too many websites and applications. The complexity of what needs to be tested is enormous not to mention the quality of the Web vulnerability scanners on the market (tip: you get what you pay for). Well, NTObjectives' NTOSpider is a perfect ...
Continue Reading... -
25 Apr 2012
My webcast on software source code analysis
Here's a recent webcast I put together with the folks at Checkmarx (makers of a dandy source code analyzer) that you may be interested in:The business value of partial code scanningEnjoy!...
Continue Reading... -
16 Apr 2012
Basic features of WebInspect – the kind of stuff great scanners are made of
Wondering what helps minimize the pain, stress and time required to run effective Web vulnerability scans? It's the things you can see in the toolbar of HP's WebInspect: Start/Resume, Pause - because you're going to need to pause and resume your scans at some point.Rescan - because you're going to want to re-run the scan again or re-test for the flaws uncovered previously.Compare - because you're going to have a ...
Continue Reading... -
22 Mar 2012
An interesting Microsoft tool to help with data classification
Have you ever heard of Microsoft's Data Classification Toolkit for Windows Server 2008 R2? Me either. But it may be worth taking a look at. The lack of data classification and proper retention is at the core of many IT risks not to mention legal and compliance issues. You can't secure (or protect, or retain, or dispose of) what you don't acknowledge. If the Data Classification Toolkit is anything like ...
Continue Reading... -
19 Mar 2012
Neat tools to seek out sensitive files on laptops & websites
"Oh yeah, I forgot about all of those files." I've never had a security tool lead to these predictable words regarding sensitive files being stored on unencrypted laptops as much as Identity Finder has. You may have seen Identity Finder in my previous post and related articles and presentations where I've mentioned or demonstrated it. Identity Finder is a commercial product that IT and information security professionals can use to ...
Continue Reading... -
14 Mar 2012
My upcoming webcast with Checkmarx: How to Use Source Code Analysis to Improve Information Security
Join me next week, Thursday March 22, for a quick webcast where I'll be co-presenting on the topic of source code analysis and how it can improve your information security over time. I'm convinced that source code analysis is one of the missing links in the overall security process. As I say all the time: you cannot secure what you don't acknowledge. Ignoring security flaws at the source can be ...
Continue Reading... -
09 Mar 2012
My upcoming webcast on firewall management
Join me and AlgoSec's Nimmy Reichenberg next week for a unique discussion on strategies for improving firewall management.We all know it's the elephant in the room...Today's enterprises have firewalls that are so complex and so fragile yet no one's really taking care of them. Any processes that do exist around rule management, rule changes and firewall risk analysis are often manual - and oh so painful.I know, I know, firewalls ...
Continue Reading... -
12 Feb 2012
SQL injection cheatsheet & tips for getting management on board
Here's a neat "cheatsheet" on SQL injection by NTObjectives that outlines some common attack strings, commands and so forth. Their SQL Invader SQL injection tool is worth checking out as well. If you're having trouble selling management on the dangers of SQL injection, check out this piece I wrote about it not long ago: SQL Injection – The Web Flaw That Keeps on Giving Ten Ways to Sell Security to ...
Continue Reading... -
09 Feb 2012
Video: My new whitepaper on advanced malware and how Damballa Failsafe fits in
Introduction to the threat we're facing and my new whitepaper The Malware Threat Businesses are Ignoring and How Damballa Failsafe Fits In: ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
