• 22 Jun 2009

    Web application security – ignorance or idiocy?

    You've heard me rant about common management and developer views of Web security here and in the articles I write for TechTarget. Here's some third-party validation of my thoughts. Entertaining yet sad....

  • 20 Jun 2009

    Time to teach kids about personal responsibility, and prison?

    Here's some insight into what children are doing online these days. Great example of the lack of parenting, discipline, personal responsibility, and ability to think long-term we have going in our society. On a side note, perhaps the "Psychologists have long known that when an attacker does not see their victim, the normal inhibitions that prevent us from doing wrong become much weaker" bit explains why we see so much road ...

  • 03 Jun 2009

    Neat (and free) tool for finding Flash flaws

    HP's Application Security Center recently released SWFScan - a standalone tool that decompiles Flash applications and searches for security holes inside the code. Very cool. It's pretty surprising how many vulnerabilities Flash files can contain, including XSS, embedded SQL statements, encryption keys, login credentials and more. Definitely worth downloading and taking it for a spin. Here's a screenshot of the interface and some findings: Also, check out Billy Hoffman's video walkthrough of ...

  • 19 May 2009

    I’ve been saying this for a while

    Apparently security researchers and Robert Abela with Acunetix agree with what I've been saying for a while: Web application firewalls aren't enough! Check out this post and the darkreading.com post it links to....

  • 12 May 2009

    New version of Acunetix WVS is coming

    I just downloaded and am eager to try out the latest from the guys at Acunetix: Acunetix Web Vulnerability Scanner version 6.5 beta. It seems like they just came out with version 6.0! My last post on it was only a couple of months ago. Acunetix WVS 6.5 beta has a new feature called "file upload forms vulnerability checks" which they claim is an industry first. This is interesting because I ...

  • 12 May 2009

    Do two wrongs make a right?

    I came across this bit recently on whether or not it's considered illegal hacking if security vendors and researchers become Internet crime fighters. Maybe it's just me, but I think this is risky behavior. Want to hack something? Then set up your own systems to hack...or find a willing participant or paying client, get their permission in writing, and do it the right way....

  • 05 May 2009

    Hilarious/ridiculous password requirements

    I came across some very laughable Web-site password requirements with some sites I've used recently that I wanted to share. The need for us to use strong passwords/passphrases on the Web is pretty obvious. I also believe in balancing security with reality and not going overboard. My first example is just that: overboard. It's AT&T Wireless. Check out their ridiculous password requirements: Your password is case-sensitive and must: - Be six to twenty ...

  • 27 Apr 2009

    My latest security content

    Here's my latest information security content for your perusal.

    For starters, here's an article I wrote for Security Technology Executive magazine: Social Engineering: The big risk no one's thinking about

    Here's an article I re-published for a local Atlanta site called TechLINKs: How's your information security culture?

    Here's a bit I wrote for SearchDataBackup.com: Data security concerns with online backup

    ...and here's a podcast I recorded for SearchCompliance.com: The future of compliance policy management

    As always, be sure to ...

  • 16 Apr 2009

    What to look for in a security scanner

    Since I'm on the subject of talking about security scanners, here's a link to an article I wrote a couple of years ago that's still very relevant. Check it out: What to look for in a Web application security testing tool

    Some of what I say in this piece supports my stance in the previous blog that you cannot automate this stuff and assume you've done your due diligence....

  • 13 Apr 2009

    My latest security content

    OK, here's my latest information security content.

    For starters, here are two articles I wrote for SearchSoftwareQuality.com: Common software security risks and oversights; The role of quality assurance pros in software security

    ...as well as a follow-up to a previous SearchEnterpriseLinux.com article: A look at real-world exploits of Linux security vulnerabilities

    I've said it before and I'll say it again, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, ...
