Something I found out about not long ago is that Veracode is now offering a 114-day free trial of their Security Labs Enterprise appsec training program. Given the importance of application security and, especially, the big application security challenges I'm seeing in my work, this could be something beneficial for you and your team. Here's the link: https://info.veracode.com/security-labs-free-trial.html Hope this helps!...
Here are some recent pieces I've written that can make or break your success in information security: ...
I thought you might be interested in my latest articles/tips on web and mobile application security:
- Why you need to pay attention to the slow HTTP attack
- Lessons learned from a web security breach
- Application security calls for a proactive approach
- Understanding the value of the OWASP Top 10 2013
- The Role Of An Automated Web Vulnerability Scanner In A Holistic Web Security Audit
- Are Obamacare’s health insurance exchanges secured? Likely not. Can software quality pros ...
In reading one of Brian Tracy's books, Brian discusses a story of Albert Einstein and an exam he gave to his graduate physics class at Princeton University. After the exam, Dr. Einstein was approached by a student who asked: "Dr. Einstein, wasn't that the same exam that you gave to this physics class last year?" Dr. Einstein replied "Yes, it was the same exam as last year." The student then ...
I recently purchased an APC uninterruptible power supply for my office and noticed something peculiar in the packaging. It was a small piece of paper that says "QUALITY ASSURANCE TEST". It has the time, date, operator ID and other identifying information for the specific piece of hardware. As you can see in the image, this QA test sheet has 33 unique tests that were performed on the unit presumably before it ...
Check out my new piece on the business value of partial code scanning where I outline why it's better to start your source code analysis now instead of waiting around until certain milestones of your development projects are reached or your software applications are completed altogether. It's kind of funny and ironic that we humans are all about instant gratification, yet with information risk issues such as source code analysis, we ...
Here are a few pieces I've written recently on Web application security you may be interested in...things that affect each and every one of us working in IT and infosec:
- I wouldn’t want to be a developer these days
- Don’t overlook the importance of authenticated testing
- You can’t change what you tolerate
- Testing for weak passwords: a common oversight without a great solution
- How often should you test your web applications?
- Notable changes in the PCI ...
Some people - including a brilliant colleague of mine - think security is not the job of software developers. In the grand scheme of things I think such an approach is shortsighted and bad for business. It's kind of like an auto assembly line worker not being responsible for the quality of his work or citizens not being responsible for their own healthcare (oh wait!) or why the bottom 50% ...
Here's a piece I wrote recently for SearchSoftwareQuality.com: Why use POST vs. GET to keep applications secure
Sure, it's not cut and dried, but use the wrong one when you could've used the other and the resulting vulnerabilities can get ugly....
The Senate Homeland Security Committee, in their infinite wisdom, prodded by SANS' Alan Paller, apparently believe they can legislate secure software from IT vendors. That'd be like legislating more secure health records, and personal financial information, and so on. Oh wait, that has been done. And it's not working all that well as far as I can tell. That'd also be like legislating higher-quality cars. Ha! The Feds can work that out ...