• 18 Jul 2013

    Authenticated vulnerability scan pains…Rapid7 to the rescue.

    Apparently the folks at Rapid7 have people working on their Nexpose team that have actually performed security assessments for a living. You see, Nexpose has this seemingly trivial feature that can create a world of difference in the life of a security practitioner - it's part of the Site Configuration (i.e. scan settings) called Test Credentials as seen in the following screenshot: Sanity brought about by people who use their own ...

    Continue Reading...
  • 18 May 2013

    Web security answers are changing – a frustrating, challenging, and humbling journey

    In reading one of Brian Tracy's books, Brian discusses a story of Albert Einstein and an exam he gave to his graduate physics class at Princeton University. After the exam, Dr. Einstein was approached by a student who asked: "Dr. Einstein, wasn't that the same exam that you gave to this physics class last year?" Dr. Einstein replied "Yes, it was the same exam as last year." The student then ...

    Continue Reading...
  • 02 May 2013

    Is your approach to application security based in reality?

    I know I say this a lot here - I've been so busy writing that I've been remiss in posting my actual content. So...I've got some content on web and mobile application security and penetration testing this time around.You see, there are so many researchers, theories, and academic approaches to web and mobile security that it's simply overwhelming. Much of it doesn't apply to what businesses really need to be ...

    Continue Reading...
  • 29 Jan 2013

    Introducing the brand new Hacking For Dummies, 4th edition

    Well, it's here...the fourth edition of my book Hacking For Dummies is officially available today!Starting summer of 2012 and ending just before Christmas, I put in over 200 hours of blood, sweat, tears, and occasional cussing into this edition...more than any previous updates to the book. That said, my savvy technical editor, Peter Davis, and the wonderful editors at Wiley, Becky Huehls, Virginia Sanders, and Amy Fandrei were the real ...

    Continue Reading...
  • 07 Jun 2012

    The weakness of vulnerability scans that people (sadly) ignore

    Those of us who live and breathe information security on a daily basis understand that vulnerability scans are only part of the information security assessment equation. We can't live without them but as I've outlined here we by all means cannot rely on them completely.I was just speaking with a colleague about this and came up with an analogy for our overdependence on external vulnerability scans in the name of ...

    Continue Reading...
  • 17 Dec 2011

    WebInspect: How SQL injection testing *should* be done

    SQL injection is arguably the grandest of all security vulnerabilities. It can be exploited anonymously over the Internet to gain full access to sensitive information - and no one will ever know it occurred. Yet time and again it's either: overlooked by people who don't test all of their critical systems from every possible angle overlooked by people who haven't learned how to properly use their Web vulnerability scanners overlooked ...

    Continue Reading...
  • 22 Aug 2011

    Fine-tuning your Web application security

    I think I could write about Web application security every hour of every day...there's just so much involved with building secure apps, proper security testing, getting (and keeping) management on board and so on...But I wouldn't want to torture you in that way. Anyway, here are a few bits you may be interested in: Properly scoping your Web security assessments The cure for many Web application security ills How much ...

    Continue Reading...
  • 14 Jul 2011

    eEye’s Metasploit integration – we need more of this!

    Kudos to eEye Digital Security for integrating Metasploit within their Retina vulnerability scanner. According to this recent press release:"Using the free Retina Community scanner or the Retina Network Security Scanner (version 5.13.0 or higher), users can see whether a vulnerability has an associated exploit from Core Impact, Metasploit, or Exploit-db.com, allowing IT Security professionals to better prioritize vulnerabilities and fix the biggest risks first. In addition, if a Metasploit exploit ...

    Continue Reading...
  • 01 Apr 2011

    Web security tidbits on developers, leadership, weak passwords & more

    Here are a few pieces I've written recently on Web application security you may be interested in...things that affect each and every one of us working in IT and infosec:I wouldn’t want to be a developer these daysDon’t overlook the importance of authenticated testingYou can’t change what you tolerateTesting for weak passwords: a common oversight without a great solutionHow often should you test your web applications?Notable changes in the PCI ...

    Continue Reading...
  • 28 Mar 2011

    A quick review of WebInspect 9 shows HP’s still got it

    It's been a long time coming but it's finally here: HP's WebInspect version 9. I've been using WebInspect for nearly 10 years now and I believe this new version of WebInspect is one of the most significant upgrades they've put out. They've essentially taken what was already one of the best Web vulnerability scanners and have made it better, especially when it comes to workflow and streamlined usability.A few things ...

    Continue Reading...

Success expert Brian Tracy shares his thoughts on Kevin:

Resources

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:


Hacking For Dummies, 8th edition penetration testing book

Tags

AI appsec basics books Career Networking careers censorship cervical instability CIO compliance coronavirus covid-19 cybersecurity data breaches discipline eagle syndrome hacking Hacking For Dummies health helmet communications incident response keynote speaker leadership NCAA football networking outsourcing passwords policy enforcement Power Four rare diseases resilience Russian hacking security security leadership security speaker social engineering speaking engagements tethered spinal cord tiktok time management underimplemented vulnerability and penetration testing web security willingness zero-based thinking

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.