• 19 Mar 2012

    Neat tools to seek out sensitive files on laptops & websites

    "Oh yeah, I forgot about all of those files." I've never had a security tool lead to these predictable words regarding sensitive files being stored on unencrypted laptops as much as Identity Finder has. You may have seen Identity Finder in my previous post and related articles and presentations where I've mentioned or demonstrated it. Identity Finder is a commercial product that IT and information security professionals can use to ...

    Continue Reading...
  • 06 Feb 2012

    My new material on Web application & website security

    Here are several new pieces I've written on Web site/application security. Lots of angles and considerations:There’s more to web security than meets the eyeWeb passwords are often the weakest linkTo validate or not, is that the question?Protecting FTP services running on your Web serverThe critical Web-based systems that are going untested and unsecuredGood Web Security Tools and Why They MatterWhy you need intruder lockoutWeb security is like the layers of ...

    Continue Reading...
  • 16 Dec 2011

    AlgoSec & what happens when you don’t look for flaws from every angle

    I recently had the opportunity to see how well AlgoSec's Firewall Analyzer performs in a real-world security assessment. Long story short, Firewall Analyzer found a weak password on an Internet-facing firewall that would've gone undetected otherwise. A traditional vulnerability scanner didn't find it nor did two different Web vulnerability scanners. Nothing was uncovered via manual analysis either.Only AlgoSec's Firewall Analyzer found the weakness...no doubt a flaw that would've been exploited ...

    Continue Reading...
  • 11 Dec 2011

    Windows security exploits, all over again

    There's a good bit brewing in the Windows world regarding security and I suspect 2012 will make for an interesting year...Here are some new pieces I've written for TechTarget along these lines where I cover Windows 8 and SharePoint security, using Metasploit to exploit flaws as well as some Windows security oversights I see in practically every internal security assessment I do. Enjoy!Patching and continuous availability in Windows Server 8SharePoint ...

    Continue Reading...
  • 29 Nov 2011

    HDMoore’s Law, revisited

    Here's a good read by Mike Rothman (@securityincite) on how we tend to bury our heads in the sand over the most obvious things including HD Moore's Law. For years, I've had a slide in my presentations titled "Future Trends" where I've talked about how exploits are getting easier for those with ill intent:Easier access to toolsLittle knowledge neededLess elaborate “hacks”More internal breachesMobile business → less controlGreater complexity → more ...

    Continue Reading...
  • 06 Oct 2011

    My latest bits on Windows 7, Microsoft SCM and Metasploit

    Here are some new pieces I've written for my friends at TechTarget on Windows security that you may be interested in including bits on the often overlooked but oh so valuable Security Compliance Manager and Metasploit:Using Windows 7 management tools to your advantageGetting to know Security Compliance ManagerWhy aren’t you using Metasploit to expose Windows vulnerabilities?You know the deal, be sure to check out www.principlelogic.com/resources.html for links to all of ...

    Continue Reading...
  • 16 Sep 2011

    I love solid state drives but I’m no fan of OCZ

    I tweeted about this the other day but though it deserved a longer post. If you do anything with IT/security tools such as vulnerability scanners, network analyzers and the like you HAVE to get a solid state drive.Hands down, installing solid state drives in my laptops has been the best computer upgrade I have ever made in 22 years of using computers. Better than doubling my RAM, better than upgrading ...

    Continue Reading...
  • 14 Jul 2011

    eEye’s Metasploit integration – we need more of this!

    Kudos to eEye Digital Security for integrating Metasploit within their Retina vulnerability scanner. According to this recent press release:"Using the free Retina Community scanner or the Retina Network Security Scanner (version 5.13.0 or higher), users can see whether a vulnerability has an associated exploit from Core Impact, Metasploit, or Exploit-db.com, allowing IT Security professionals to better prioritize vulnerabilities and fix the biggest risks first. In addition, if a Metasploit exploit ...

    Continue Reading...
  • 27 Jun 2011

    The value of partial code scanning, now

    Check out my new piece on the business value of partial code scanning where I outline why it's better to start your source code analysis now instead of waiting around until certain milestones of your development projects are reached or your software applications are completed altogether.It's kind of funny and ironic that we humans are all about instant gratification, yet with information risk issues such as source code analysis, we ...

    Continue Reading...
  • 07 Jun 2011

    New tool for ferreting out users w/local admin rights

    Here's a free tool by @ViewFinity (the privilege management vendor I wrote about back in March) that helps you discover user accounts that have local admin rights:Viewfinity Local Admin Discovery...looks pretty neat if you have a need for running a quick test during an assessment or audit or just want to have something to use periodically to ensure user accounts are kept in check....

    Continue Reading...

Success expert Brian Tracy shares his thoughts on Kevin:

Resources

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:


Hacking For Dummies, 8th edition penetration testing book

Tags

AI appsec basics books Career Networking careers censorship cervical instability CIO compliance coronavirus covid-19 cybersecurity data breaches discipline eagle syndrome hacking Hacking For Dummies health helmet communications incident response keynote speaker leadership NCAA football networking outsourcing passwords policy enforcement Power Four rare diseases resilience Russian hacking security security leadership security speaker social engineering speaking engagements tethered spinal cord tiktok time management underimplemented vulnerability and penetration testing web security willingness zero-based thinking

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.