-
30 Sep 2010Elcomsoft’s new Phone Password Breaker now supports the BlackBerry
Elcomsoft's neat iPhone Password Breaker tool that can crack iPhone backup passwords just got 100% better. Now it's called Phone Password Breaker and supports BlackBerry backups. Nice.Combine such a tool with all the open shares and unstructured data scattered about the average network and you've got a pretty serious problem on your hands. That is unless you're using the tool in a security assessment and demonstrating the continued risks smartphones ...
Continue Reading... -
20 Sep 2010
With this tool there’s no excuse to not analyze your source code
A few months back I wrote about Checkmarx's CxDeveloper source code analysis product. Well, I've had some more recent source code analysis experience with the tool and thought I'd write a follow up piece.I'll start by saying that I can't stress how cost-effective this tool is for performing source code analysis...esp. when similar products cost MUCH more. Granted, I haven't performed my own run-off between CxDeveloper and the likes of ...
Continue Reading... -
12 Sep 2010
You cannot secure what you don’t acknowledge
Here's a piece I wrote for SearchSMBStorage.com on storage security...specifically some must-have tools for finding storage-related security flaws in small business.Five must-have data storage security tools for smaller businessesIf you don't know what's where it'll be impossible to keep it secure....
Continue Reading... -
07 Sep 2010
The key to accurate and insightful Web security scans
You've likely found that Web vulnerability scanners aren't just point-and-click. Maybe so for relatively simplistic marketing websites but not for complex applications. In fact, one of the greatest ways to get a grand false sense of security is to turn a Web vulnerability scanner loose on your site/application and assume everything of consequence has been discovered and audited.The thing is we're now seeing an entirely new set of Web applications ...
Continue Reading... -
31 Aug 2010
NetScan Tools LE – a must-have for investigators
Have you ever had a need to run a program and get a relatively small amount of data just to do your job but end up getting caught in the complexity of the application and not getting what you need after all? That's happened to me a bunch.Well, NorthWest Performance Software (makers of a long-time favorite of mine: NetScanTools Pro) has a new tool that helps resolves this problem called ...
Continue Reading... -
26 Aug 2010
Good new book on security awareness
I have to admit, when my colleague Marcos Christodonte first approached me about reviewing his new security awareness book, Cyber Within, I thought here's yet another book on boring old security awareness. I was wrong. Cyber Within takes a very unique (suspense novel-like) approach to address the problem we have with employees and information security. And it works.The book is a quick read - just 47 pages - but it's ...
Continue Reading... -
26 Aug 2010
Acunetix WVS v7 – grand improvements in the making
When I find a good security tool I not only love using it but I love telling everyone about it. Having gone down this road many times myself, I understand the time, money, and hassle associated with investing in security tools that aren't all that. Well, here's one for you: Acunetix Web Vulnerability Scanner (AWVS) version 7 (it's currently in beta and free for you to try).The folks at at ...
Continue Reading... -
12 Aug 2010
Metasploit enters the Web arena
OK, Metasploit has had several Web-related exploits for years but HD and company are now getting serious about taking Web application scanning and exploitation to the next level.As with Metasploit and Metasploit Express, there's only so much you can do with scanner and exploit tools so the verdict is still out. I love this innovation nonetheless....
Continue Reading... -
09 Jul 2010
Unique resource for managing Windows logs
I like the practical avenue Randy Franklin Smith (@randyfsmith) has taken with his new Windows Audit Logging Kits. I haven't seen them but I like his approach.Check them out here:http://www.ultimatewindowssecurity.com/securitylog/rosetta/default.aspx...
Continue Reading... -
20 Jun 2010
Like Metasploit? You’ve gotta check out Metasploit Express.
Here's a piece I just wrote for SearchEnterpriseDesktop.com where I talk about Rapid7's new Metasploit Express. It has its kinks and was a bit finicky to use but Metasploit Express will no doubt provide a breath of fresh air for pen testers - and now, less technical auditors - all around....
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
