-
19 Dec 2010MS Exchange security + hacking and hardening SQL Server
Here are some new articles I've written for TechTarget that you may be interested in:Nine Exchange server risks you don’t want to overlookTen hacker tricks to exploit SQL Server systems (and oldie that I recently updated)Do you need to harden SQL Server 2008 R2?Enjoy!...
Continue Reading... -
16 Nov 2010
Becoming a more refined Web security expert
Here are some recent pieces I've written on Web application security and testing that you may be interested in. From getting started in your career to cloud security to doing Web application security testing the right way...check 'em out:The secrets to getting started in your software testing careerFour skills that will make you a better web security professionalBuilding solid security requirements Security oversights in the cloud: Asking the tough questionsWhy ...
Continue Reading... -
18 Oct 2010
AppDetectivePro v7 worth checking out
Have you checked out Application Security's (somewhat) new AppDetectivePro version 7? Have you even heard of AppDetectivePro? If not, it needs to be on your radar. It's a powerful database vulnerability scanner that can perform both unauthenticated penetration tests as well as authenticated audits of SQL Server, Oracle, MySQL, DB2, Notes/Domino and Sybase (wow) systems. A screenshot of a penetration test of an Oracle 11g-based system is shown below:AppDetective is ...
Continue Reading... -
04 Oct 2010
Beware of the oversights w/default policies in Web vuln scanners
I just ran some Web vulnerability scans against an app I'm testing using a couple of default/benign scan policies. Nothing big turned up. I re-ran the scan using a full scan policy that checks for everything and the new MS10-070 ASP.NET padding oracle vulnerability reared its ugly head...BIG difference in the outcome.Keep this in mind when checking for Web security flaws with your automated scanners and never ever completely rely ...
Continue Reading... -
15 Sep 2010
Hacking Methodology chapter available for download
Chapter 4 of the latest edition of my book Hacking For Dummies is now available for download on TechTarget's SearchWindowsServer.com.If you like what you see, here's a direct link to the book on Amazon where you can save 34% off the cover price: Happy ethical hacking!...
Continue Reading... -
14 Sep 2010
Preventing email denial of service when scanning Web apps
Here's a new piece I've written that outlines one of those pesky Web scanning problems most of us have been affected by in some way or another:Ways to avoid email floods when running Web vulnerability scansHope this helps!...
Continue Reading... -
07 Sep 2010
The key to accurate and insightful Web security scans
You've likely found that Web vulnerability scanners aren't just point-and-click. Maybe so for relatively simplistic marketing websites but not for complex applications. In fact, one of the greatest ways to get a grand false sense of security is to turn a Web vulnerability scanner loose on your site/application and assume everything of consequence has been discovered and audited.The thing is we're now seeing an entirely new set of Web applications ...
Continue Reading... -
06 Sep 2010
Securing and hacking Windows go hand in hand
Computer hacking concepts extend to every nook and cranny of what we work with on a daily basis. Front and center are Windows-based servers. A large part of what I do in my work performing internal security vulnerability assessments - a.k.a. pen tests and audits - involves Windows servers. There's so much you can do to build up Windows server security and so much you can take to bring it ...
Continue Reading... -
02 Sep 2010
The case for zero-day testing
Here's a good piece by David Maynor regarding penetration testing and whether or not zero day exploits should be used. I agree with David. With penetration testing, ethical hacking, vulnerability assessments - whatever you want to call them - anything should be fair game. That is if you want a real-world view of what's at risk. Limiting your tests could skew the results and you'll end up with a false ...
Continue Reading... -
26 Aug 2010
Acunetix WVS v7 – grand improvements in the making
When I find a good security tool I not only love using it but I love telling everyone about it. Having gone down this road many times myself, I understand the time, money, and hassle associated with investing in security tools that aren't all that. Well, here's one for you: Acunetix Web Vulnerability Scanner (AWVS) version 7 (it's currently in beta and free for you to try).The folks at at ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
