It's been a long time coming but the latest incarnation of one of my favorite network/security tools - NetScanTools Pro v11 - is out. Kirk Thomas at Northwest Performance Software has done a bang-up job on the user interface in the new version...something that's gotten better - albeit slowly - over the years. Not that I could do any better - I can't imagine having to know network protocols at ...

It's been a long time coming but it's finally here: HP's WebInspect version 9. I've been using WebInspect for nearly 10 years now and I believe this new version of WebInspect is one of the most significant upgrades they've put out. They've essentially taken what was already one of the best Web vulnerability scanners and have made it better, especially when it comes to workflow and streamlined usability. A few things ...

If I had to choose two things that IT and information security pros need to focus on more than anything else, it'd be learning how to manage your time and continually fine-tuning your technical skills. Well, here are two pieces I wrote for SearchWinIT.com that delve into these topics:
Time management strategies for the IT pro
Low-cost ways to get the IT skills you need
...learn these skills and practice them over and ...

Here are a few new articles I wrote for TechTarget where I talk about IIS 7.5 security, encrypting Windows Server drives, MBSA vs. commercial vulnerability scanners and the dearly beloved cloud backup services. Enjoy!
How vulnerable is Microsoft IIS 7.5 to attacks?
Pros and cons of Windows Server drive encryption
Weighing MBSA against paid vulnerability scanners
Preventing online backup security threats to your network...

I've been raving about the penetration testing tool Metasploit for a while. With the release of Metasploit Express earlier this year I'm even more pleased with all the efforts HD Moore and his team have put forth. Metasploit Express is a commercial product you'll have to pay for but to me it's well worth the investment. It's easier to use, it has nice reporting and more. All the things we ...

Have you seen what your users are sharing on your network? What about your server shares - are they divulging too much PII and intellectual property to any Joe Blow on the network? Outside of mobile security (smartphone weaknesses, lack of laptop encryption, etc.) the problem of unstructured information scattered about the network is a very predictable high-priority finding in any given security assessment. The reality is you cannot secure ...

Have you checked out Application Security's (somewhat) new AppDetectivePro version 7? Have you even heard of AppDetectivePro? If not, it needs to be on your radar. It's a powerful database vulnerability scanner that can perform both unauthenticated penetration tests as well as authenticated audits of SQL Server, Oracle, MySQL, DB2, Notes/Domino and Sybase (wow) systems. A screenshot of a penetration test of an Oracle 11g-based system is shown below: AppDetective is ...

Elcomsoft's neat iPhone Password Breaker tool that can crack iPhone backup passwords just got 100% better. Now it's called Phone Password Breaker and supports BlackBerry backups. Nice. Combine such a tool with all the open shares and unstructured data scattered about the average network and you've got a pretty serious problem on your hands. That is, unless you're using the tool in a security assessment and demonstrating the continued risks smartphones ...

Given that VoIP has been around for more than 10 years, it's hard to find a business where it's not running in some capacity. I do find it interesting how many network managers aren't too concerned about the security of VoIP. People say things like "It's on the inside of the network", "It's running on a separate VLAN", and "We're PCI and HIPAA compliant but there's nothing of significance being ...

A few months back I wrote about Checkmarx's CxDeveloper source code analysis product. Well, I've had some more recent source code analysis experience with the tool and thought I'd write a follow-up piece. I'll start by saying that I can't stress enough how cost-effective this tool is for performing source code analysis...esp. when similar products cost MUCH more. Granted, I haven't performed my own run-off between CxDeveloper and the likes of ...