Here are some articles and guest blog posts I've written for my friends at TechTarget, Ziff Davis, AlgoSec, and Rapid7:

The following are some new articles I've written for TechTarget and Ziff Davis. Enjoy!

Maybe there is a patch for stupid
Six areas of importance in the PCI Penetration ...
PCI DSS has been getting a lot of buzz lately, and the latest version 3.0 will continue gaining momentum until the many small and medium-sized businesses get their arms around the new requirements. Of particular interest is the updated requirement 11.3 (below), which is much more prescriptive on how to find the actual security flaws that matter. I've always believed that you can't secure what you don't acknowledge...

PCI DSS 3.0 ...
Check out these new pieces I've written and recorded on Web application and cloud security. If you follow the things I recommend on communication (first three links), you can absolutely transform your information security program and the way that people perceive you as an IT professional.

Communicating with Management about Web Security, Part 1 - Knowing What You're Up Against
Communicating with Management about Web Security, Part 2 - Prioritization and Sending ...
Those of us who live and breathe information security on a daily basis understand that vulnerability scans are only part of the information security assessment equation. We can't live without them, but as I've outlined here, we by all means cannot rely on them completely.

I was just speaking with a colleague about this and came up with an analogy for our overdependence on external vulnerability scans in the name of ...
It seems that #firewalls are making a comeback. Of course, I felt compelled to throw in my two cents' worth, so here are some new pieces I wrote for the fine folks at SearchNetworking.com on firewalls and firewall management:

Firewall change management and automation can curb human error
Do Web application firewalls complicate enterprise security strategy?
Planning a virtualization firewall strategy

Enjoy! As always, be sure to check out www.principlelogic.com/resources.html for links to all of ...
Here are a few pieces I've written recently on Web application security you may be interested in...things that affect each and every one of us working in IT and infosec:

I wouldn’t want to be a developer these days
Don’t overlook the importance of authenticated testing
You can’t change what you tolerate
Testing for weak passwords: a common oversight without a great solution
How often should you test your web applications?
Notable changes in the PCI ...
Here are several new links to some recent (and, due to my crazy year, not so recent) articles I've written for various TechTarget sites on the subjects of Web application and server security:

Web server weaknesses you don't want to overlook (the "rest of the story" of Web flaws)
SQL injection tools for automated testing (a must-have for your toolkit)
Beefing up SSL to ensure your applications are locked down (good for some ...
Here are a few new pieces just published. Enjoy!

The lowdown on PCI compliance
Testing rich Internet applications: 2009's best free tools
Big Brother or lowly minion - finding your role in IT

Be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts, my Twitter updates, and more....
OK, I've been busy and my articles have been stacking up. Here's the first set that was recently published. More to come later this week.

Dumb things IT consultants do
Why it may not be ideal for your lawyer to be your compliance officer
Keys to finding your IT consulting niche
Is all the PCI DSS compliance whining and complaining justified?
Scoping your Web app security assessments for success

Enjoy! As always, be sure to check out ...
This just in (OK, it's really from a couple of days ago): Cybersecurity hearing highlights inadequacy of PCI DSS.

But I thought compliance = security!? And anything forced down our throats at the hand of industry bodies and government goons is all we need to manage business risks!? Seriously...how long do you think we'll continue to hear about this...ay yay yay?...