• 08 Feb 2012

    Video: My new whitepaper on SQL Server security threats & compliance

    Check out my new whitepaper The SQL Security Security Threat - It's closer than you think sponsored by Idera:...

    Continue Reading...
  • 19 Dec 2010

    MS Exchange security + hacking and hardening SQL Server

    Here are some new articles I've written for TechTarget that you may be interested in:Nine Exchange server risks you don’t want to overlookTen hacker tricks to exploit SQL Server systems (and oldie that I recently updated)Do you need to harden SQL Server 2008 R2?Enjoy!...

    Continue Reading...
  • 18 Oct 2010

    AppDetectivePro v7 worth checking out

    Have you checked out Application Security's (somewhat) new AppDetectivePro version 7? Have you even heard of AppDetectivePro? If not, it needs to be on your radar. It's a powerful database vulnerability scanner that can perform both unauthenticated penetration tests as well as authenticated audits of SQL Server, Oracle, MySQL, DB2, Notes/Domino and Sybase (wow) systems. A screenshot of a penetration test of an Oracle 11g-based system is shown below:AppDetective is ...

    Continue Reading...
  • 29 Apr 2010

    IT security roundtable starting soon

    Join me if you can in just over an hour for AppSec's Five Burning Questions: Q2 2010 IT Security Auditor Roundtable. I and others from companies such as Ernst & Young, KMPG, and Protiviti will discuss database audit challenges and share tips and best practices you can implement to ensure database compliance and security.I hope to "see" you there!...

    Continue Reading...
  • 26 Apr 2010

    The ultimate SQL Server faux pas, other oversights & solutions

    Here's a new piece I wrote where I talk about one of the root causes of SQL Server security issues:The ultimate SQL Server security faux pas: Overlooked systems...along with some additional oversights:Common oversights with SQL Server audits...and, to top things off, some things you can do to lock down your database environment (SQL Server or not)Meet compliance requirements with improved database security practices...

    Continue Reading...
  • 19 Mar 2010

    New tips on 4 facets of encryption

    Been wondering about the latest on mobile/backup/database/email encryption? Well, here are some recent tips I wrote to TechTarget that'll help you get the ball rolling:Securing SMB laptopsSecuring removable media with BitLocker To GoSecure your data backups with encryption key management best practicesEncryption – the great security control that nobody’s usingThe true value of transparent data encryptionIs full email encryption the solution to Exchange security?...

    Continue Reading...
  • 26 Jan 2010

    Webinar on database security this week

    Here's a webinar put on by Application Security, Inc. that I'm participating in this Thursday (1/28/10) in case you're interested...should be enlightening.Five Burning Questions Series: 2010 IT Security Auditor’s Roundtable...

    Continue Reading...
  • 12 Oct 2009

    Cool tool for cracking/resetting SQL Server passwords

    Elcomsoft has a neat - and relatively new - tool called Advanced SQL Password Recovery I thought you may be able to benefit from. It can be used to change any SQL Server databases protected by a password included SQL Server 2000, 2005 and 2008. All you need is access to the master.mdf file. SQL Server optional.I was going to show a screenshot but there's not that much to show...you ...

    Continue Reading...
  • 10 Mar 2009

    My latest security content

    I have some new information security content that you may be interested in. First, here's an article I wrote for SearchSQLServer.com:The fine line between not encrypting your databases and breach notification...and two articles I wrote for SearchSoftwareQuality.com:Using the Firefox Web Developer extension to find security flawsCloud computing and application security: Issues and risksEnjoy!Also, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts and ...

    Continue Reading...
  • 25 Jun 2008

    Ignorance is bliss when it comes to patching database servers

    I just saw this bit today on SearchSecurity.com about admins not patching database servers. So, it's not just me that sees ignorance in action when it comes to admins not wanting to patch their database servers. I can't tell you how many times I've found database flaws directly-exploitable from the inside all because an admin didn't want to patch the system. I'm talking about full command prompt access to database ...

    Continue Reading...

Success expert Brian Tracy shares his thoughts on Kevin:

Resources

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:


Hacking For Dummies, 8th edition penetration testing book

Tags

AI appsec basics books Career Networking careers censorship cervical instability CIO compliance coronavirus covid-19 cybersecurity data breaches discipline eagle syndrome hacking Hacking For Dummies health helmet communications incident response keynote speaker leadership NCAA football networking outsourcing passwords policy enforcement Power Four rare diseases resilience Russian hacking security security leadership security speaker social engineering speaking engagements tethered spinal cord tiktok time management underimplemented vulnerability and penetration testing web security willingness zero-based thinking

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.