-
11 May 2012Web application security assessment war stories
I spend a lot of time performing Web security assessments and every project is a neat learning experience for me. I'm always eager to share my Web security war stories, what to do and what NOT to do so here are some new pieces you may be interested in...From exploiting Web vulnerabilities to IT geek speak and a bunch of stuff in between, I hope there's something here for you:The ...
Continue Reading... -
25 Apr 2012
My webcast on software source code analysis
Here's a recent webcast I put together with the folks at Checkmarx (makers of a dandy source code analyzer) that you may be interested in:The business value of partial code scanningEnjoy!...
Continue Reading... -
08 Apr 2012
Disk encryption for HIPAA + HITECH & why BitLocker may not be the solution
I'm finally back in the swing of things after taking some time off for Spring Break. I hope you're enjoying your Spring as well.Here are two articles I've recently written about full disk encryption...arguably the greatest missing link in any given business's information security program.Things you need to think about regarding disk encryption and data protection for HIPAA and HITECHBitLocker’s improvements leave gaps to be aware ofEnjoy!As always, be sure ...
Continue Reading... -
15 Mar 2012
Flaws, compliance and the Cybersecurity Act of 2012
Here are some new pieces I've recently written that you may be interested in...big things in security we need to have on our radar: Six Security Flaws on Your Network Right Now Find the Most Flaws By Balancing Automated Scans with Manual Analysis Compliance is just the beginning New and not-so-new security twists in the Cybersecurity Act of 2012 Enjoy! Be sure to check out www.principlelogic.com/resources.html for links to all ...
Continue Reading... -
19 Feb 2012
Got compliance on your mind?
I figured you did...it seems everyone does these days. However you look at compliance - be it a threat, a security enabler or just a pain in the rear-end - here are some new pieces I've written that may help:Our dangerous overdependence on IT auditingCompliance considerations when disposing old equipmentHow Windows Server 8 can help with complianceEnjoy!Be sure to check out www.principlelogic.com/resources.html for links to all of my information security ...
Continue Reading... -
12 Feb 2012
SQL injection cheatsheet & tips for getting management on board
Here's a neat "cheatsheet" on SQL injection by NTObjectives that outlines some common attack strings, commands and so forth. Their SQL Invader SQL injection tool is worth checking out as well. If you're having trouble selling management on the dangers of SQL injection, check out this piece I wrote about it not long ago: SQL Injection – The Web Flaw That Keeps on Giving Ten Ways to Sell Security to ...
Continue Reading... -
10 Feb 2012
Video: The one infosec skill you need to be working on
Develop and maintain this one skill and you'll position yourself to be a much more valuable information security professional: ...
Continue Reading... -
09 Feb 2012
Video: My new whitepaper on advanced malware and how Damballa Failsafe fits in
Introduction to the threat we're facing and my new whitepaper The Malware Threat Businesses are Ignoring and How Damballa Failsafe Fits In: ...
Continue Reading... -
08 Feb 2012
Video: My new whitepaper on SQL Server security threats & compliance
Check out my new whitepaper The SQL Security Security Threat - It's closer than you think sponsored by Idera:...
Continue Reading... -
08 Feb 2012
Introducing my information security YouTube channel – PrincipleLogic
Check out my new YouTube channel (www.youtube.com/PrincipleLogic): I'm really excited about this. More videos coming soon.I plan to post video blogs once or twice a week so be sure to subscribe on YouTube or via my RSS feed.Enjoy!...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
