-
11 Nov 2013My latest security content (lots of stuff on application security)
I thought you might be interested in my latest articles/tips on web and mobile application security:Why you need to pay attention to the slow HTTP attackLessons learned from a web security breachApplication security calls for a proactive approachUnderstanding the value of the OWASP Top 10 2013The Role Of An Automated Web Vulnerability Scanner In A Holistic Web Security AuditAre Obamacare’s health insurance exchanges secured? Likely not. Can software quality pros ...
Continue Reading... -
12 Aug 2013
You can’t see the light ’til you open your eyes…
I noticed a lot of interesting topics/news coming from the Black Hat conference last week such as: SSH Communications Security Unveils General Availability Of SSH Risk Assessor ToolPreparing For Possible Future Crypto AttacksCrack of mobile SIM card crypto and virtual machine features could let an attacker target and clone a phone HTTPS Hackable In 30 Seconds: DHS AlertNo doubt, these are all worthy topics that will help improve information security over the ...
Continue Reading... -
07 Mar 2013
Got Compliance? Here’s my way of reducing your pain just a bit.
It's been a while and the content is stacking up, so here's the first of many upcoming posts on new content I've written. This time up, it's a set of tips I've written for Ben Cole at SearchCompliance.com about that dreaded subject...you guessed it....compliance.Enjoy!Considering a career in compliance? Heed these warnings firstAudits, maintenance crucial to business continuity policy successControl, visibility essential to records management and complianceBeware the perils of organization-wide ...
Continue Reading... -
04 Oct 2012
Calling all executives and managers…
For all those who don't quite "get" information security...You've heard the saying: It's not what happens to you in life that is important - what matters is how you react to what happens. Don't let this be your mantra for managing information risks!It DOES matter what happens to you...figure out where you're weak and don't let it happen. Oh, and, have a Plan B....
Continue Reading... -
21 Sep 2012
-
11 Sep 2012
GoDaddy: ‘Malfunction’ as the new scapegoat?
We've been hearing about 'computer glitch' for a while. That's what the talking heads on the news always cite when something goes awry with a computer system. Perhaps 'malfunction' is the new scapegoat? That's the route GoDaddy is taking. They say it was a 'malfunction', not hacking, that took them and presumably hundreds of thousands (millions?) of other systems offline for hours yesterday.I'm sure it had nothing to do with ...
Continue Reading... -
03 May 2012
The funny thing about iPhones & airplane toilets
My Delta co-passengers and I recently had the opportunity to experience a near 1-hour flight delay due to, none other than, some dude dropping his iPhone into the aft toilet on our fancy Boeing 757. I'm not making this up...Yep, there we were sitting at the gate and this guy comes up to the flight attendants to ask for some help getting his iPhone out of the crapper. Yuck! The ...
Continue Reading... -
28 Mar 2012
This is your crazy JetBlue captain speaking
Anyone is capable of doing anything...that's what comes to mind when I think about the JetBlue captain going mad on a flight yesterday. Here's what I know...Just because someone has passed a background check, has a good references and has created a good track record for himself doesn't mean he's not capable of flying off the hook and doing bad things. This applies to pilots as in this situation and ...
Continue Reading... -
25 Jan 2012
Complacency, meet APT – How basic oversights lead to complex malware infections
Low-hanging fruit – that is, the missing patches, default passwords, lack of full disk encryption and so on present in practically every environment – is something I’ve ranted about time and again because there’s no reason to have it on your network. Why? Well, for one thing, rogue insiders may just exploit it for ill-gotten gains. But even worse, low-hanging fruit can be the target of malware exploitations that you’re ...
Continue Reading... -
19 Jan 2012
Quoted in today’s SC Magazine feature story on Symantec
Stephen Lawton wrote today's SC Magazine feature news story on the Symantec source code breach in which I'm quoted.I provided these quotes late last night and it was interesting timing because I was speaking at local university's AITP chapter yesterday evening and I told my audience that no one is immune from hacking - not even IT and security pros...and obviously not information security companies.It's a crazy world out there. ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
