• 02 May 2013

    Is your approach to application security based in reality?

    I know I say this a lot here - I've been so busy writing that I've been remiss in posting my actual content. So...I've got some content on web and mobile application security and penetration testing this time around. You see, there are so many researchers, theories, and academic approaches to web and mobile security that it's simply overwhelming. Much of it doesn't apply to what businesses really need to be ...

  • 26 Apr 2013

    Clueless in the cloud – think before you act

    A recent Network World piece about an RSA 2013 panel that covered cloud forensics and whether or not your cloud providers will be able to come through for you in the event of a lawsuit or breach brings up some critical pitfalls of cloud computing. Two things are certain: If you're lucky enough for your business to be around for the long haul, odds are that it'll ultimately be hit with a ...

  • 07 Jun 2012

    The weakness of vulnerability scans that people (sadly) ignore

    Those of us who live and breathe information security on a daily basis understand that vulnerability scans are only part of the information security assessment equation. We can't live without them but as I've outlined here we by all means cannot rely on them completely. I was just speaking with a colleague about this and came up with an analogy for our overdependence on external vulnerability scans in the name of ...

  • 16 Dec 2011

    AlgoSec & what happens when you don’t look for flaws from every angle

    I recently had the opportunity to see how well AlgoSec's Firewall Analyzer performs in a real-world security assessment. Long story short, Firewall Analyzer found a weak password on an Internet-facing firewall that would've gone undetected otherwise. A traditional vulnerability scanner didn't find it nor did two different Web vulnerability scanners. Nothing was uncovered via manual analysis either. Only AlgoSec's Firewall Analyzer found the weakness...no doubt a flaw that would've been exploited ...

  • 22 Aug 2011

    Fine-tuning your Web application security

    I think I could write about Web application security every hour of every day...there's just so much involved with building secure apps, proper security testing, getting (and keeping) management on board and so on...But I wouldn't want to torture you in that way. Anyway, here are a few bits you may be interested in: Properly scoping your Web security assessments; The cure for many Web application security ills; How much ...

  • 07 Jun 2011

    New tool for ferreting out users w/local admin rights

    Here's a free tool by @ViewFinity (the privilege management vendor I wrote about back in March) that helps you discover user accounts that have local admin rights: Viewfinity Local Admin Discovery...looks pretty neat if you have a need for running a quick test during an assessment or audit or just want to have something to use periodically to ensure user accounts are kept in check....

  • 11 Jan 2011

    My “new” book on ethical hacking turns 1

    Today marks the one-year anniversary of the publication of my "new" book Hacking For Dummies, 3rd edition. Wow, how time has flown by! Thanks so much to those of you who have provided both kind words and constructive criticism via your emails, Amazon.com reviews, and in your own independent sites and blogs. No doubt it'll soon be time to start planning out the 4th edition. Until then......

  • 11 Jan 2011

    Beware the “network assessment”

    There are many IT services firms - including some run by friends and colleagues of mine - who perform something called "network assessments". The outcome of these assessments - which are usually aimed at SMBs - is to determine the overall health of your network and computing environment, supposedly including security. First, let me be clear that these are legitimate services to see where your network stands. That's fine and dandy ...

  • 16 Nov 2010

    Becoming a more refined Web security expert

    Here are some recent pieces I've written on Web application security and testing that you may be interested in. From getting started in your career to cloud security to doing Web application security testing the right way...check 'em out: The secrets to getting started in your software testing career; Four skills that will make you a better web security professional; Building solid security requirements; Security oversights in the cloud: Asking the tough questions; Why ...

  • 02 Sep 2010

    Crunch risk numbers or fix the obvious?

    My colleague Ben Rothke (@benrothke) recently wrote a good piece on basing information security decisions on good data. I like his approach - it'll make you think. It's true we do need good data so we can make better decisions. Sadly, we often don't have the data or, if we do, we're not qualified to interpret it. Maybe it's just me but I don't believe my degrees in computer engineering and ...
