• 25 Apr 2012

    My webcast on software source code analysis

    Here's a recent webcast I put together with the folks at Checkmarx (makers of a dandy source code analyzer) that you may be interested in: The business value of partial code scanning. Enjoy!...

  • 14 Mar 2012

    My upcoming webcast with Checkmarx: How to Use Source Code Analysis to Improve Information Security

    Join me next week, Thursday March 22, for a quick webcast where I'll be co-presenting on the topic of source code analysis and how it can improve your information security over time. I'm convinced that source code analysis is one of the missing links in the overall security process. As I say all the time: you cannot secure what you don't acknowledge. Ignoring security flaws at the source can be ...

  • 27 Jun 2011

    The value of partial code scanning, now

    Check out my new piece on the business value of partial code scanning where I outline why it's better to start your source code analysis now instead of waiting around until certain milestones of your development projects are reached or your software applications are completed altogether. It's kind of funny and ironic that we humans are all about instant gratification, yet with information risk issues such as source code analysis, we ...

  • 20 Sep 2010

    With this tool there’s no excuse to not analyze your source code

    A few months back I wrote about Checkmarx's CxDeveloper source code analysis product. Well, I've had some more recent source code analysis experience with the tool and thought I'd write a follow-up piece. I'll start by saying that I can't stress how cost-effective this tool is for performing source code analysis...esp. when similar products cost MUCH more. Granted, I haven't performed my own run-off between CxDeveloper and the likes of ...

  • 04 Sep 2009

    My latest security content

    My goodness - it's been over a month since I've posted my latest security content...I've been so busy writing the stuff that posting the links has gotten put on the back burner. Good problem to have! Anyway, here's my latest:
    Networking to enhance your IT career
    Toeing the company line – is it good or bad for your IT career?
    Security and compliance can go together, when done in the right order
    Making sense ...

  • 29 Jun 2009

    Great source code analysis tool

    Finally, I've found an affordable and effective static source code analysis tool! It's called CxDeveloper - a product of Israel-based Checkmarx that's distributed/supported by U.S.-based Security Innovation. Whew....it's a little confusing but what can you do. I've used CxDeveloper for over a year now and, like most products, it's not perfect. It crashes unexpectedly every now and then, it generates false-positives, its licensing process is kludgy and old-fashioned, and its reporting capabilities ...

  • 13 Jun 2008

    My security content from this week

    Here's an information security article of mine that was published this week: The realities of PCI DSS 6.6 application code reviews. I'll have a follow-up to this one on the realities of Web application firewalls coming soon. As always, for my past information security content be sure to check out www.principlelogic.com/resources.html. Enjoy!...

  • 28 May 2008

    What do you do for Web site security…?

    I received an email yesterday from Redmond Magazine (a good trade rag) that caught my attention. The title of the email said "Trust in Web Site Security is Declining. What Should You Do?" I thought, really!?...are you serious? and well, I don't know what to do, let me see just what the solution is. [tongue in cheek] Lo and behold it was an email sponsored by Verisign about their whitepaper entitled ...

  • 23 May 2008

    My security content from this week

    Here's my one information security article that was published this week: Writing software requirements that address security issues. As always, for my past information security content be sure to check out www.principlelogic.com/resources.html. Enjoy!...

  • 09 May 2008

    My security content from this week

    Here's an information security article published this week: Integrating source code analysis into your database security measures. As always, for my past information security content be sure to check out www.principlelogic.com/resources.html. Enjoy!...
