-
28 Jun 2016Email phishing expertise: Lack of skills or just a lackadaisical approach to security?
I can't think of any current security test that's more important than email phishing. Yet, it seems that so few organizations actually include this phishing as part of their ongoing information security assessments and penetration tests. I suppose that's why we keep hearing about all of the Cryptolocker infections and crazy statistics being published by Verizon, Ponemon and others. Here are some articles that I have written that can help ...
Continue Reading... -
25 Apr 2016
New content on web application security testing
Here are a two brand new pieces I've written on web application security recently for the nice folks at TechBeacon:Why ALL of your apps need security testing4 insider tips for choosing application security testing toolsMore to come - you can link/subscribe to my author page here. Enjoy!...
Continue Reading... -
25 Jan 2016
LUCY – a very powerful email phishing tool
If you're an IT or information security professional you need to know about a great - and relatively new - tool that you can use as part of your security assessment and/or user awareness and training programs...it's called LUCY. I came across a small online blurb about LUCY a few months ago and thought I would check it out. Having dealt with both open source and commercial email phishing tools ...
Continue Reading... -
22 Dec 2014
Some vulnerability + penetration testing content to send off 2014
Here are some pieces I've written recently on determining just how "fit" your network and application environment really is. Whether you're an IT auditor, penetration tester, IT admin, or security consultant, there's some stuff for you:How to perform a (next-generation) network security audit Don’t overlook details when scoping your Web application security assessmentsTop gotchas when performing email phishing tests How to take a measured approach to automated penetration testingFive steps ...
Continue Reading... -
08 Oct 2014
What no one is saying about cyber insurance
I race cars for fun and sport and found out the hard way not long ago that if I wanted to increase my life insurance I was going to have to jump through numerous hoops and pay enormous premiums for a minimal increase in my existing coverage. I was thinking about this scenario compared to 'cyber insurance' and, wow, what a difference. Knowing what I know, there appear to be minimal ...
Continue Reading... -
18 Aug 2014
A resource to help with PCI DSS 3.0’s penetration testing methodology requirements
PCI DSS has been getting a lot of buzz lately and the latest version 3.0 will continue gaining momentum until the many small and medium-sized businesses get their arms around the new requirements. Of particular interest is the updated requirement 11.3 (below) which is much more prescriptive on how to find the actual security flaws that matter. I've always believe that you can't secure what you don't acknowledge...PCI DSS 3.0 ...
Continue Reading... -
04 Jun 2014
More Web security vulnerability assessment, audit, and pen testing resources
I've been busy in the world of Web security testing - both with work and with writing. Check out these new pieces on the subject. I suspect I'll tick off a "researcher" or two given my business angle and 80/20 Rule-approach of focusing on the most problematic areas of Web security...Still, I hope that these are beneficial to you and what you're trying to accomplish in your organization: Key Web ...
Continue Reading... -
01 May 2014
Running vulnerability scans over VPN connections
If you haven't yet, you'll likely run into a situation where you need to run vulnerability scans over a VPN connection (i.e. for remote office networks). Well, certain scanners won't scan over "raw sockets" - the underlying communication method for certain VPN connections. Other scanners can't even connect to a remote network at all because they're caught up in their own little virtual machines that you cannot add a VPN ...
Continue Reading... -
13 Nov 2013
Reaver Pro: a simple tool for cracking WPA on a LOT of wireless networks
If wireless security testing is on your radar, you need to get Reaver Pro. As I outlined in this Hacking For Dummies, 4th edition chapter, Reaver Pro is a great tool for cracking the WPA pre-shared key on all those consumer-grade wireless APs/routers that everyone installs in the enterprise. The latest version of Reaver Pro is very simple to use. No live CDs or VMs to boot. You simply connect ...
Continue Reading... -
18 Oct 2013
What you need to know about security vulnerability assessments (that no one is willing to share)
I'd love it if you'd join me over at SearchSecurity.com next week where I'll be talking about the rest of the story regarding security assessments...You know the tools and you're probably familiar with the methodologies...that's why I'm going to share with you many other important aspects of security assessments that, unless someone tells you, you'll likely only learn the hard way. And that's no fun.In my webcast What you need ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
