I just downloaded and am eager to try out the latest from the guys at Acunetix: Acunetix Web Vulnerability Scanner version 6.5 beta. It seems like they just came out with version 6.0! My last post on it was only a couple of months ago. Acunetix WVS 6.5 beta has a new feature called "file upload forms vulnerability checks" which they claim is an industry first. This is interesting because I ...

Since I'm on the subject of talking about security scanners, here's a link to an article I wrote a couple of years ago that's still very relevant. Check it out:

What to look for in a Web application security testing tool

Some of what I say in this piece supports my stance in the previous blog that you cannot automate this stuff and assume you've done your due diligence....

I've been approached a couple of times in the past few weeks regarding the "scanner" and "vulnerability management" vendors that are touting their all-in-one approach to security vulnerability assessments and compliance scans. The interest has been around PCI DSS and specifically Rapid7's solutions (apparently their marketing folks are doing a good job). There are other vendors coming into the space as well, including a big one being announced at RSA ...

I've recently covered two of my favorite, yet lesser-known, Web vulnerability scanners: Acunetix Web Vulnerability Scanner and N-Stalker Web Application Security Scanner. Two worthy products indeed. Now I'd like to shed some light on HP's WebInspect. I've been using WebInspect since before testing Web sites/apps was cool. In fact, WebInspect was one of the original commercial Web scanners. It may have even been the first. Anyway, I started a relationship with ...

I've got some new information security content you may be interested in. First off, here's an article I wrote for SearchWinIT.com:

Will a degree or certification help enhance your IT career?

...and one I wrote for SearchEnterpriseDesktop.com:

Why should Windows shops use Microsoft Baseline Security Analyzer?

...and finally a webcast I just recorded for SearchSoftwareQuality.com:

Essential Elements of Web Application Penetration Testing

As always, check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts ...

I have some new information security content that you may be interested in. First, here's an article I wrote for SearchSQLServer.com:

The fine line between not encrypting your databases and breach notification

...and two articles I wrote for SearchSoftwareQuality.com:

Using the Firefox Web Developer extension to find security flaws

Cloud computing and application security: Issues and risks

Enjoy! Also, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts and ...

While I'm on a roll testing out the latest security tools (can you tell I'm finally getting caught up on things?!) I wanted to write the follow-up to this previous post I promised regarding AirMagnet's wireless network analyzer (now dubbed WiFi Analyzer). I've been using WiFi Analyzer for years...it now supports 802.11n for those of you on the "bleeding edge" and it even has some automated security checks for "n". As ...

It's three years old but Andres Andreu has put together a gem of a book on Web security testing:

It covers Web apps, some commercial scanners, and practically every open source tool available for Web security testing. It also has some of the best coverage I've seen on testing Web services. Andres must've had a lot of time on his hands when he wrote it...I know firsthand how much effort it takes ...

OK, it didn't *just* get better...it's been out for several months - but I've just now gotten a chance to really sit down with it and take it for a spin and write a post about it. I'm talking about Acunetix Web Vulnerability Scanner version 6.

NOTE BEFORE I BEGIN: I don't do formal "reviews" but you know how excited I get over cool tools. I found something in this one that I thought ...

Here's my latest stuff.... First off, here's an article I wrote for SearchEnterpriseDesktop.com:

Using Sysinternals tools in security management scenarios (a follow-up to my previous Sysinternals article)

...and a podcast I recorded for SearchCIO.com:

Mobile data protection options for enterprise CIOs (transcript included!)

Enjoy! Also, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts and more....