• 19 Apr 2010

    Have you seen Win7’s Windows XP Mode?

    It's a great way for setting up a virtual testing environment. Here's a recent piece I wrote about it: Using Windows XP Mode for security testing in Windows 7. I'm really digging Windows 7... even if you just upgrade your own machine, Windows 7 has lots of things that will help you work more efficiently....
  • 17 Apr 2010

    Essentials for cracking SQL Server passwords

    Looking to check the resiliency of your Microsoft SQL Server systems? You may very well find that you don't have to look much further than weak/blank passwords to gain full access. I've come across a few vulnerable SQL Server systems via manual analysis. However, I couldn't live without a small set of SQL Server password cracking tools that you should check out as well. Here's a piece I wrote that can ...
  • 07 Apr 2010

    Tools & techniques for hacking Windows servers & workstations

    Ever wonder how Windows servers get hacked? Perhaps you're unsure of which approach you need to use to get the most out of your security testing at the server and desktop levels? Or you may be wondering what you need to do to lock down Windows-based Web servers? Maybe you're curious about how Windows Server 2008 R2 stands up to security tests? Well, I've got just what you need to know ...
  • 29 Mar 2010

    Don’t forget about XSS *behind* the login prompt

    Don't assume that your Web security concerns stop at the login prompt. Here's a new piece I wrote where I talk about cross-site scripting (XSS) and whether or not it matters for logged-in users: Authenticated XSS - problem or not?...
  • 29 Mar 2010

    Got Linux security on your mind?

    Here's a new webcast and accompanying podcast I recently recorded for SearchEnterpriseLinux.com where I share some insight and opinions regarding the biggest weaknesses I'm seeing with Linux today... and what you can do about it: Tightening down Linux security (webcast), Tightening down Linux security (podcast)...
  • 26 Mar 2010

    Great tool to check for weak Web passwords

    I've always been a fan of Acunetix Web Vulnerability Scanner. It's a lesser-known tool that packs a big punch. One of its most redeeming qualities is its password checking. As I mentioned in this post, Acunetix Web Vulnerability Scanner took what was going to be a basic assessment of an Outlook Web Access system with very few findings up many notches into a true penetration of the system...all thanks to ...
  • 13 Oct 2009

    Latest version of LANguard worth considering

    Have you seen the new - OK, it's not that new any more - version of LANguard (formerly LANguard Network Security Scanner)? It's certainly a tool worth checking out if you do vulnerability scanning. I've been using LANguard for years for share finding and authenticated scanning and it does both very well. The biggest change in the latest version is the user interface. I've never been a big fan and I'm ...
  • 02 Sep 2009

    Interesting flaw in Sears’ Web site all too common

    Check out this bit about a security flaw recently revealed on Sears' Web site. As the researcher alluded to, hacking and security are way more than people exploiting known software flaws. There are so many other security issues with Web applications. I see it all the time when doing my manual analyses on Web sites/applications. The sky is the limit for these business logic vulnerabilities and I suspect it'll always ...
  • 30 Jun 2009

    Tool to take the pain out of threat modeling

    Can you tell I'm getting caught up on talking about some neat security tools worth checking out!? Well, here's another one: Amenaza's SecurITree that I first wrote about in my book Hacking For Dummies, 2nd edition. It's a decision support tool you can use to analyze specific threats to your business and the likelihood of attack. Threat modeling is something that many people do in their head "qualitatively" (or not ...
  • 26 Jun 2009

    My latest security content

    Here's my latest information security content you may be interested in: Testing rich Internet applications for security holes; The pros and cons of host-based vs. appliance-based tape encryption. As always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts and more....