• 17 Feb 2011

    Are you focusing on the infosec basics where it counts?

    Here's a good read from @arstechnica on the HBGary story. It's a fascinating story in and of itself. But the oversights related to information security "best practices" is amazing. What is it going to take to get people to focus on the basics? Seriously, folks...Forget about all the fancy hack attacks and complex exploits for now and fix the low-hanging fruit. It's basic triage - stop the bleeding first. Focus ...

    Continue Reading...
  • 17 Feb 2011

    Not surprised by the Wells Fargo ATM outage based on what I see

    Here's an interesting story about the widespread Wells Fargo ATM outage that occurred last week. There's speculation around the cause of the outage. Was it a hack? Was the system inadvertently taken down during system upgrades? Who knows...What I can say is that virtually every ATM I've come across in my work performing internal security assessments in/around the financial industry has been riddled with security holes. I've seen weak OS ...

    Continue Reading...
  • 06 Feb 2011

    Lessons on Web security threats and testing

    Here are some recent webcasts/podcasts I recorded for SearchSoftwareQuality.com (@SoftwareTestTT) on Web application security:Security Lesson: Beating Web application security threatsSecurity Lesson: How to test for common security defectsI feel like I'm just scratching the surface on this topic but, thinking about what's going on out there, many people have yet to realize there's even a problem. Focus on these basics and you're going to eliminate the large majority of Web ...

    Continue Reading...
  • 11 Jan 2011

    My “new” book on ethical hacking turns 1

    Today marks the one year anniversary of the publication of my "new" book Hacking For Dummies, 3rd edition.Wow, how time has flown by! Thanks so much to those of you who have provided both kind words and constructive criticism via your emails, Amazon.com reviews, and in your own independent sites and blogs. No doubt it'll soon be time to start planning out the 4th edition. Until then......

    Continue Reading...
  • 11 Jan 2011

    Tidbits on MS security, MBSA vs. the competition & cloud backups

    Here are a few new articles I wrote for TechTarget where I talk about IIS 7.5 security, encrypting Windows Server drives, MBSA vs. commercial vulnerability scanners and the dearly beloved cloud backup services. Enjoy!How vulnerable is Microsoft IIS 7.5 to attacks?Pros and cons of Windows Server drive encryptionWeighing MBSA against paid vulnerability scannersPreventing online backup security threats to your network...

    Continue Reading...
  • 23 Dec 2010

    Quick step-through of Metasploit Express

    I've been raving about the penetration testing tool Metasploit for a while. With the release of Metasploit Express earlier this year I'm even more pleased with all the efforts HD Moore and his team have put forth. Metasploit Express is a commercial product you'll have to pay for but to me it's well worth the investment. It's easier to use, it has nice reporting and more. All the things we ...

    Continue Reading...
  • 19 Dec 2010

    MS Exchange security + hacking and hardening SQL Server

    Here are some new articles I've written for TechTarget that you may be interested in:Nine Exchange server risks you don’t want to overlookTen hacker tricks to exploit SQL Server systems (and oldie that I recently updated)Do you need to harden SQL Server 2008 R2?Enjoy!...

    Continue Reading...
  • 11 Nov 2010

    Internet Password Breaker – yet another reason to encrypt your laptops

    Elcomsoft just released their new version of Elcomsoft Internet Password Breaker which now supports Chrome, Opera, Safari and Firefox. In essence the program can recover passwords, sensitive form data and so on that users have conveniently stored in their browsers for the past, oh, several years. Furthermore, the tool can now instantly recover Microsoft Outlook, Outlook Express, Windows Mail and Windows Live Mail account info, user IDs, passwords and cached ...

    Continue Reading...
  • 04 Nov 2010

    Using GFI LANguard to find open network shares

    Have you see what your users are sharing up on your network? What about your server shares - are they divulging too much PII and intellectual property to any Joe Blow on the network?Outside of mobile security (smartphone weaknesses, lack of laptop encryption, etc.) the problem of unstructured information scattered about the network is a very predictable high priority finding in any given security assessment.The reality is you cannot secure ...

    Continue Reading...
  • 18 Oct 2010

    AppDetectivePro v7 worth checking out

    Have you checked out Application Security's (somewhat) new AppDetectivePro version 7? Have you even heard of AppDetectivePro? If not, it needs to be on your radar. It's a powerful database vulnerability scanner that can perform both unauthenticated penetration tests as well as authenticated audits of SQL Server, Oracle, MySQL, DB2, Notes/Domino and Sybase (wow) systems. A screenshot of a penetration test of an Oracle 11g-based system is shown below:AppDetective is ...

    Continue Reading...

Success expert Brian Tracy shares his thoughts on Kevin:

Resources

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:


Hacking For Dummies, 8th edition penetration testing book

Tags

AI appsec basics books Career Networking careers censorship cervical instability CIO compliance confidentiality coronavirus covid-19 cybersecurity data breaches defensibility discipline eagle syndrome hacking Hacking For Dummies helmet communications incident response keynote speaker leadership NCAA football networking outsourcing passwords patching policy enforcement Power Four rare diseases resilience Russian hacking security security leadership social engineering tethered spinal cord tiktok time management underimplemented vulnerability and penetration testing web security willingness zero-based thinking

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.