• 12 Sep 2010

    You cannot secure what you don’t acknowledge

    Here's a piece I wrote for SearchSMBStorage.com on storage security...specifically some must-have tools for finding storage-related security flaws in small business. "Five must-have data storage security tools for smaller businesses." If you don't know what's where it'll be impossible to keep it secure....

  • 07 Sep 2010

    The key to accurate and insightful Web security scans

    You've likely found that Web vulnerability scanners aren't just point-and-click. Maybe so for relatively simplistic marketing websites but not for complex applications. In fact, one of the greatest ways to get a grand false sense of security is to turn a Web vulnerability scanner loose on your site/application and assume everything of consequence has been discovered and audited. The thing is we're now seeing an entirely new set of Web applications ...

  • 26 Aug 2010

    Acunetix WVS v7 – grand improvements in the making

    When I find a good security tool I not only love using it but I love telling everyone about it. Having gone down this road many times myself, I understand the time, money, and hassle associated with investing in security tools that aren't all that. Well, here's one for you: Acunetix Web Vulnerability Scanner (AWVS) version 7 (it's currently in beta and free for you to try). The folks at ...

  • 20 Jun 2010

    Like Metasploit? You’ve gotta check out Metasploit Express.

    Here's a piece I just wrote for SearchEnterpriseDesktop.com where I talk about Rapid7's new Metasploit Express. It has its kinks and was a bit finicky to use but Metasploit Express will no doubt provide a breath of fresh air for pen testers - and now, less technical auditors - all around....

  • 17 Jun 2010

    Using Windows 7’s virtual machine for security testing

    Outside of those executives who have their heads in the sand over security there's hardly anything that can keep you from getting your work done more than a Windows system junked up with a bunch of security testing tools. Well, if VMware or VirtualBox haven't been a good fit, perhaps Windows XP Mode in Windows 7 will be. It's a cheap and seamless way to run your security testing tools in ...

  • 03 May 2010

    Commercial WEP and WPA key recovery tools

    Ever find yourself needing a wireless network analyzer that's easy to use and doesn't cost an arm and a leg? Well, CommView for WiFi is a great option... It's a product I've talked about for years in both Hacking For Dummies and Hacking Wireless Networks For Dummies. A neat thing about CommView for WiFi is its relatively new WEP and WPA key recovery add-ons. Referred to as WEPKR and WPAKR, they're ...

  • 19 Apr 2010

    Have you seen Win7’s Windows XP Mode?

    It's a great way for setting up a virtual testing environment. Here's a recent piece I wrote about it: "Using Windows XP Mode for security testing in Windows 7." I'm really digging Windows 7....even if you just upgrade your own machine, Windows 7 has lots of things that will help you work more efficiently....

  • 17 Apr 2010

    Essentials for cracking SQL Server passwords

    Looking to check the resiliency of your Microsoft SQL Server systems? You may very well find that you don't have to look much further than weak/blank passwords to gain full access. I've come across a few vulnerable SQL Server systems via manual analysis. However, I couldn't live without a small set of SQL Server password cracking tools that you should check out as well. Here's a piece I wrote that can ...

  • 07 Apr 2010

    Tools & techniques for hacking Windows servers & workstations

    Ever wonder how Windows servers get hacked? Perhaps you're unsure of which approach you need to use to get the most out of your security testing at the server and desktop levels? Or you may be wondering what you need to do to lock down Windows-based Web servers? Maybe you're curious about how Windows Server 2008 R2 stands up to security tests? Well, I've got just what you need to know ...

  • 30 Mar 2010

    A couple of neat things about WebInspect

    If you're into finding the Web security flaws that matter, HP's WebInspect should be on your short list of prospective Web vulnerability scanners. Over the past six months WebInspect has repeatedly found a couple of items that I know I otherwise wouldn't have uncovered or been able to exploit to the extent I did. The first is SQL injection. WebInspect does a very good job finding the actual flawed inputs but ...
