• 07 Oct 2013

    Experiencing problems with authenticated web vulnerability scans? Try NTOSpider.

    You're performing authenticated web vulnerability scans, right? If you're not, you're missing out...big time. When performing authenticated scans, you'll find a whole different set of security flaws likely consisting of session fixation, SQL injection (that often differs among user role levels), weak passwords, login mechanism flaws, and perhaps...just maybe that beloved cross-site request forgery flaw that may or may not be exploitable or even matter in the context of what ...

  • 07 Sep 2010

    The key to accurate and insightful Web security scans

    You've likely found that Web vulnerability scanners aren't just point-and-click. Maybe so for relatively simplistic marketing websites, but not for complex applications. In fact, one of the greatest ways to get a grand false sense of security is to turn a Web vulnerability scanner loose on your site/application and assume everything of consequence has been discovered and audited. The thing is, we're now seeing an entirely new set of Web applications ...

  • 02 Apr 2010

    THE process for successful Web security testing

    Here's a new piece I wrote for SearchSoftwareQuality.com where I talk about the lifecycle of testing for Web security flaws. From obtaining buy-in to reporting to the stakeholders, it's a process you need to master.

      - Security testing best practices for today's Web 2.0 applications...

  • 29 Sep 2009

    XSS in my article on XSS!?

    I "tweeted" about this but I had to post it here as well. I just realized that my new article for SearchSoftwareQuality.com on XSS actually executes JavaScript when loading because of some sample code I inserted into it!! It's not actual XSS but looks like it! Ahh, the irony.

      - Finding cross-site scripting (XSS) application flaws checklist

    BTW, I'm working on getting it resolved...

  • 21 Sep 2009

    My latest security content

    Here are a few new pieces just published. Enjoy!

      - The lowdown on PCI compliance
      - Testing rich Internet applications: 2009's best free tools
      - Big Brother or lowly minion - finding your role in IT

    Be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts, my Twitter updates, and more...

  • 16 Sep 2009

    My latest security content

    Here's my latest information security content. Hope you enjoy!

      - Big IT Lessons Small Businesses Can Learn (an IncTechnlogy.com piece I contributed to)
      - How often should I change the passwords for my bank and other important online accounts? (a Women's Health magazine piece I contributed to)
      - Web 2.0 application security troubleshooting, testing tutorial
      - HIPAA-covered entities, business associates confront HITECH Act rules
      - Ten sure-fire ways to derail your career in IT
      - What you should know about cloud ...
