• 02 Jul 2008

    Funny view of ridiculously insecure Web apps

    My colleague Mike Rothman has a great post at SecurityIncite about Web application security and the "beta" mindset. I couldn't agree more... Just slap a beta tag on everything like Google does and you're off the hook!...

  • 23 Jun 2008

    My security content from last week

    I was out the latter part of last week so I missed my 'deadline'. Here's an article hot off the press that you may be interested in: The realities of using WAFs for PCI DSS 6.6 compliance. Enjoy! As always, check out www.principlelogic.com/resources.html for all of my past articles, webcasts, podcasts, and more...

  • 16 Jun 2008

    Interesting product to protect source code

    If you write Windows apps (standard 32-bit or .NET) and want to protect them against reverse engineering and tampering, check out V.i. Labs Code Armor. I haven't used it so I can't comment on how well it works... it just seems like a neat product. While most organizations have many, many security issues at a much higher level they need to focus on first, I could see such a product as a ...

  • 13 Jun 2008

    My security content from this week

    Here's an information security article of mine that was published this week: The realities of PCI DSS 6.6 application code reviews. I'll have a follow-up to this one on the realities of Web application firewalls coming soon. As always, for my past information security content be sure to check out www.principlelogic.com/resources.html. Enjoy!...

  • 11 Jun 2008

    100% Secure Site? Yeah, right…

    I was ordering some Aqua Globes today (I don't normally fall for these as-seen-on-TV products but this one seems to fit a need I have) and saw on their site a bold statement of "100% SECURE SITE". You can see it here. Apparently the same folks that have infiltrated other e-commerce sites claiming "HACKER PROOF". Wow - what a BOLD statement! I wonder how often they test their site/application using automated scanners ...

  • 10 Jun 2008

    How to stumble across new Web vulnerabilities

    I just learned how a lesser-known Web vulnerability scanner can prove to be as valuable as the big dog high-end scanners. Acunetix Web Vulnerability Scanner - an excellent Web scanning tool, especially for the price - found a weak Web login/password combo. Obviously something that can lead to all sorts of security issues. It would take a lot more time and effort to uncover this in a real-world Web security ...

  • 08 Jun 2008

    Why PCI DSS gets the attention of management

    I was thinking about all the hype surrounding PCI DSS requirement 6.6 compliance. The deadline is just three weeks away. I do a lot of compliance-related work and have seen the interpretation of 'compliance' all over the map. Why is PCI DSS any different? Well, for the most part, it's not like other regulations such as HIPAA and GLBA where many in management give it lip service but don't really do ...

  • 04 Jun 2008

    A good reason to lock your screen when you’re away…

    I was just thinking about all the passwords our Web browser(s) want to save for us for the sake of convenience. It's a great feature that I know I couldn't live without. I know many other people do it too. If you're one of them, be very, very careful leaving your computer screen unlocked when you leave your desk - especially for lunch, for a meeting, or for the day. What ...

  • 30 May 2008

    My security content from this week

    Here's an information security article of mine that was published this week: Free tools that can improve IIS security. As always, for my past information security content be sure to check out www.principlelogic.com/resources.html. Enjoy!...

  • 28 May 2008

    What do you do for Web site security…?

    I received an email yesterday from Redmond Magazine (a good trade rag) that caught my attention. The title of the email said "Trust in Web Site Security is Declining. What Should You Do?" I thought, really!?... are you serious? And well, I don't know what to do, let me see just what the solution is. [tongue in cheek] Lo and behold, it was an email sponsored by Verisign about their whitepaper entitled ...
