• 12 Aug 2010

    Metasploit enters the Web arena

    OK, Metasploit has had several Web-related exploits for years but HD and company are now getting serious about taking Web application scanning and exploitation to the next level. As with Metasploit and Metasploit Express, there's only so much you can do with scanner and exploit tools so the verdict is still out. I love this innovation nonetheless....

  • 20 Jun 2010

    Like Metasploit? You’ve gotta check out Metasploit Express.

    Here's a piece I just wrote for SearchEnterpriseDesktop.com where I talk about Rapid7's new Metasploit Express. It has its kinks and was a bit finicky to use but Metasploit Express will no doubt provide a breath of fresh air for pen testers - and now, less technical auditors - all around....

  • 17 Jun 2010

    Ethical hacking and Windows

    I recently recorded a podcast with my esteemed editor at SearchWindowsServer.com, Brendan Cournoyer, where we talked about ethical hacking, finding the things that matter in your environment, testing tools and my new book Hacking For Dummies, 3rd edition. Check it out: How ethical hacking fits into Windows security tests...

  • 17 Jun 2010

    Using Windows 7’s virtual machine for security testing

    Outside of those executives who have their heads in the sand over security there's hardly anything that can keep you from getting your work done more than a Windows system junked up with a bunch of security testing tools. Well, if VMware or VirtualBox haven't been a good fit, perhaps Windows XP Mode in Windows 7 will be. It's a cheap and seamless way to run your security testing tools in ...

  • 07 Apr 2010

    Tools & techniques for hacking Windows servers & workstations

    Ever wonder how Windows servers get hacked? Perhaps you're unsure of which approach you need to use to get the most out of your security testing at the server and desktop levels? Or you may be wondering what you need to do to lock down Windows-based Web servers? Maybe you're curious about how Windows Server 2008 R2 stands up to security tests? Well, I've got just what you need to know ...

  • 30 Mar 2010

    A couple of neat things about WebInspect

    If you're into finding the Web security flaws that matter, HP's WebInspect should be on your short list of prospective Web vulnerability scanners. Over the past six months WebInspect has repeatedly found a couple of items that I know I otherwise wouldn't have uncovered or been able to exploit to the extent I did. The first is SQL injection. WebInspect does a very good job finding the actual flawed inputs but ...

  • 29 Mar 2010

    Don’t forget about XSS *behind* the login prompt

    Don't assume that your Web security concerns stop at the login prompt. Here's a new piece I wrote where I talk about cross-site scripting (XSS) and whether or not it matters for logged-in users: Authenticated XSS - problem or not?...

  • 26 Mar 2010

    Great tool to check for weak Web passwords

    I've always been a fan of Acunetix Web Vulnerability Scanner. It's a lesser-known tool that packs a big punch. One of its most redeeming qualities is its password checking. As I mentioned in this post, Acunetix Web Vulnerability Scanner took what was going to be a basic assessment of an Outlook Web Access system with very few findings up many notches into a true penetration of the system...all thanks to ...

  • 05 Feb 2010

    Looking past Layer 7 – Web security is more than the app

    Here's a bit I wrote on why we need to look deeper than the application when testing our Web security: Looking past Layer 7...it's the little, often overlooked, things that'll get you....

  • 03 Nov 2009

    Good dictionary to use for password cracking

    Here's a pretty comprehensive password dictionary I recently came across that you may want to use in your security testing...there may be a "friendlier" download link but I haven't searched for it. If time is a factor, this dictionary may be too big for its own good given the time it'd take to run through everything but at least you know you're using a good dictionary. After all, your dictionary-based password cracking ...
