• 23 Apr 2010

    Re-post of my update on CSRF

    I was just informed by my editor at SearchSoftwareQuality.com that they're going to take my Ask the Expert response regarding CSRF (referred to in this post) offline until they've had a chance to review it. In the interest of not letting this fizzle out without people knowing what happened as well as maintaining my stance on the topic and further clarifying what I meant, here's the original question along with ...

  • 29 Mar 2010

    Got Linux security on your mind?

    Here's a new webcast and accompanying podcast I recently recorded for SearchEnterpriseLinux.com where I share some insight and opinions regarding the biggest weaknesses I'm seeing with Linux today...and what you can do about it:

      Tightening down Linux security (webcast)
      Tightening down Linux security (podcast)
    ...

  • 26 Jan 2010

    Webinar on database security this week

    Here's a webinar put on by Application Security, Inc. that I'm participating in this Thursday (1/28/10) in case you're interested...should be enlightening.

      Five Burning Questions Series: 2010 IT Security Auditor’s Roundtable
    ...

  • 07 Jan 2010

    My latest security content, Linux-style

    Hope your first week of the last decade of the new millennium is going well! Here's some more new information security content - focusing on Linux security this time around. Enjoy!

      Finding password weaknesses in your Linux systems
      Hardening Linux with Bastille UNIX
      Using BackTrack to check for Linux vulnerabilities

    Many thanks to Leah Rosin with SearchEnterpriseLinux.com for getting me on board with these. You know the drill - as always, be sure to check out ...

  • 18 Sep 2009

    4 things you can do right now to find out if your business is at risk

    Here's a link to a post I just made that you may be interested in:

      4 things you can do right now to find out if your business is at risk
    ...

  • 22 Jul 2009

    My latest security content

    Here's my latest information security content you may be interested in:

      E-discover the gaps in your information management process
      Web security problems: Five ways to stop login weaknesses
      Fixing four Web 2.0 input validation security mistakes
      Spotting rich Internet application security flaws with WebGoat
      Common causes of Windows server security vulnerabilities
      Managing multiple passwords in Windows

    As always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts, my Twitter updates, ...

  • 20 Jul 2009

    Imagine signing off on something you haven’t read

    Jeff Jacoby with the Boston Globe made an excellent point in his article regarding the Read The Bills Act (the law we need to prevent our own lawmakers from carelessly passing laws they haven't read or understood). Jeff said: "Senators and representatives who vote on bills they haven't read and don't understand betray their constituents' trust. It is no excuse to say that Congress would get much less done if every ...

  • 22 Jun 2009

    My latest security content

    OK, I've been busy and my articles have been stacking up. Here's the first set that were recently published. More to come later this week.

      Dumb things IT consultants do
      Why it may not be ideal for your lawyer to be your compliance officer
      Keys to finding your IT consulting niche
      Is all the PCI DSS compliance whining and complaining justified?
      Scoping your Web app security assessments for success

    Enjoy! As always, be sure to check out ...

  • 21 Apr 2009

    RSA news: virtual machine security, finally!?

    Now vendors and developers have a way to ward off those dreaded virtual machine vulnerabilities plaguing every network. It's VMware's VMsafe API to the rescue. Finally a virtual machine security solution! Now if we can just find a way to get people to:

      Require strong passwords on their virtual machines
      Patch their virtual machines
      Disable unnecessary and unsecured network shares on their virtual machines
      Turn off unneeded services on their virtual machines
      Encrypt the drives ...

  • 16 Apr 2009

    What to look for in a security scanner

    Since I'm on the subject of talking about security scanners, here's a link to an article I wrote a couple of years ago that's still very relevant. Check it out:

      What to look for in a Web application security testing tool

    Some of what I say in this piece supports my stance in the previous blog that you cannot automate this stuff and assume you've done your due diligence...
