• 21 Oct 2008

    Google’s now in the security assessment business

    It's focused, targeted, and limited, but maybe Google's new service is just what we need to find out where we're weak on the Web... Ha! If it were only that easy....

  • 23 Sep 2008

    Big target for the bad guys

    I just heard an ad on my local radio station about MedsFile.com.... Knowing what's going on out there on the Web, combined with the silly and careless Web application vulnerabilities I see in my work, I cringed when I heard about what this company does. They store all of your medical records online in one convenient location. It's actually a great idea, but there's certainly some room for abuse. I'm not picking ...

  • 05 Sep 2008

    My security content from this week

    Here are two articles I wrote for Security Technology & Design magazine (a really good trade rag covering both IT and physical security) as well as another piece for Redmond Developer News I was interviewed for. Enjoy!

    Get Certified? The real deal with information security training and certifications
    10 Ways to Protect Your Web Servers
    Despite Help From Microsoft, SQL Injections Remain A Threat

    As always, be sure to check out www.principlelogic.com/resources.html for ...

  • 02 Sep 2008

    My security content from this week

    Here's a piece I wrote for SearchDataBackup.com (a new TechTarget site I'm now writing for):

    Change management and disaster recovery

    ...as well as my thoughts on the latest and greatest version of BackTrack (a tool you've gotta get familiar with):

    Free security testing toolkit review: BackTrack 3

    As always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcast interviews, webcasts, and screencasts....

  • 27 Aug 2008

    Do developers really think of security this way?

    I was just perusing the latest Programmer's Paradise catalog. The catalog is chock full of developer tools - everything you need for application lifecycle management. Well, almost. Their Security section of products made me laugh. I was expecting to see products like DevInspect, Ounce 6, and Fortify 360. But no, what's in there is what all too many developers still see as "security": Reflex Security's VSA Firewall, GFI EndPointSecurity, PGP ...

  • 26 Aug 2008

    Finally…someone gets their Web security policy right!

    When most companies claim Web "security" they tout SSL, like I mentioned here. I've had trouble figuring out why the buck stops there... maybe because they're being written by people in marketing? Anyway, LinkedIn finally got it right. The security stipulation in their privacy policy goes beyond SSL: In order to secure your personal information, access to your data on LinkedIn is password-protected, and sensitive data (such as credit card information) is protected ...

  • 25 Aug 2008

    My security content from last week – chock full of good stuff

    OK - I finally got the links to my latest material. Here are some articles about getting management on board with security (one of the hardest things we face), controlling unstructured information, Web apps, storage, and more that you may be interested in checking out:

    Making the Business Case for Information Security
    Document Security - Protecting sensitive information both inside and outside of the firewall
    7 Essentials for Selecting ...

  • 25 Jul 2008

    Saved by using multiple Web scanners…again.

    I'm in the middle of a project analyzing the security of an e-commerce system. I found a lot of good stuff using WebInspect, including one cross-site scripting flaw. However, the cross-site scripting issue was a little lame and next to impossible to re-create. So I decided to turn Acunetix Web Vulnerability Scanner loose on it just to see what it could find. Lo and behold... four more cross-site scripting vulns! Wow. Like ...

  • 18 Jul 2008

    My security content from this week

    OK, we're back into the swing of things. Here are two information security articles of mine that were published this week:

    AJAX Security - Is anyone listening?
    Cross-site Scripting 102 - How it actually works

    And here's a recent podcast as well:

    The latest on convergence and network standards

    As always, for my past information security content be sure to check out www.principlelogic.com/resources.html. Enjoy!...

  • 16 Jul 2008

    Do your users do online banking at work?

    Here's a good reason not to do online banking at work or on an untrusted computer. When there's a will, there's a way... this is why we'll always have work to do in this field....
