• 23 May 2008

    My security content from this week

    Here's my one information security article that was published this week:
    Writing software requirements that address security issues
    As always, for my past information security content be sure to check out www.principlelogic.com/resources.html.
    Enjoy!...

  • 21 May 2008

    Don’t do this to yourself (and your company) in online meetings

    Here's another thought in the same spirit as my previous post where I talked about sharing out your desktop when using WebEx, GotoMeeting, and the like and then doing stuff that other people probably shouldn't see. I just attended a very unprofessional webcast put on by an otherwise respectable security vendor where a person on their end didn't have her phone muted. I could hear everything she was saying, part of ...

  • 09 May 2008

    My security content from this week

    Here's an information security article published this week:
    Integrating source code analysis into your database security measures
    As always, for my past information security content be sure to check out www.principlelogic.com/resources.html.
    Enjoy!...

  • 30 Apr 2008

    Yet another reason for testing your Web applications for security flaws

    This is a very interesting story. Apparently attackers are automating SQL injections on vulnerable sites/apps with SQL Server backends. I've always been a big fan of automated SQL injection tools such as what HP's WebInspect has built-in but this brings a whole new meaning to automated SQL injection! Yet another reason you need to be testing your Web applications for security vulnerabilities consistently and without fail....
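    The reason an attacker can automate this is that a query built by string concatenation lets request input become SQL syntax. The following is an added example, not code from the post or from any of the tools it mentions; it uses Python's bundled sqlite3 as a stand-in for the SQL Server back ends discussed, and the table, rows and payloads are constructed for the demo. It shows the injection succeeding against both a quoted string parameter and an unquoted numeric one, and the same two lookups with bound parameters and type validation, where the payloads do nothing.

```python
"""Added example (not from the original post): why automated SQL injection
works against string-built queries and why parameterised queries stop it.

Uses Python's bundled sqlite3 as a stand-in for the SQL Server back ends
the post mentions; the schema, rows and payloads below are constructed
for the demo.
"""
import sqlite3
from typing import List


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with a small, constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'admin', 'correct horse');
        INSERT INTO users VALUES (2, 'alice', 's3cret');
        """
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Query built by concatenation: attacker input is parsed as SQL.
    username = "admin' --" comments out the password check entirely."""
    sql = (
        "SELECT id FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Same query with bound parameters: input is data, never SQL syntax."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def lookup_vulnerable(conn: sqlite3.Connection, user_id: str) -> List[str]:
    """Unquoted numeric parameter: no quote character is needed to inject,
    so filters that only strip apostrophes do not help here."""
    sql = "SELECT username FROM users WHERE id = " + user_id
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, user_id: str) -> List[str]:
    """Validate the type first, then bind the value."""
    try:
        n = int(user_id)
    except ValueError:
        return []
    sql = "SELECT username FROM users WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (n,))]


if __name__ == "__main__":
    conn = make_db()
    payload = "admin' --"
    print("vulnerable login:", login_vulnerable(conn, payload, "wrong"))   # True
    print("safe login:      ", login_safe(conn, payload, "wrong"))         # False
    print("vulnerable lookup:", lookup_vulnerable(conn, "1 OR 1=1"))       # every user
    print("safe lookup:      ", lookup_safe(conn, "1 OR 1=1"))             # []
```

    An automated scanner does nothing more clever than feed payloads like these into every parameter it can find; the fix is the same for every one of them: bind parameters, validate types, and keep testing the application the way the attackers do.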

  • 19 Apr 2008

    My security content from this week

    Here are my articles and a podcast published this past week:
    Getting started with web application misuse cases
    Free security testing tools for Windows handheld devices
    Ins and outs of password security
    As always, for my past information security content be sure to check out www.principlelogic.com/resources.html.
    Enjoy!...

  • 28 Mar 2008

    My security content from this week

    Just one article published this week:
    The Essentials of Web Application Threat Modeling
    For all of my past information security content be sure to check out www.principlelogic.com/resources.html.
    Enjoy!...

  • 14 Mar 2008

    My security content from this week

    Here's a webcast I recorded recently for SearchWindowsSecurity.com:
    Vulnerability Testing Blunders, Oversights, and Common Mistakes You Must Avoid
    ...and a podcast interview with Mike Rothman:
    Hacker-Proof Your Applications
    For all of my past information security content be sure to check out www.principlelogic.com/resources.html....

  • 12 Mar 2008

    New way of entering online passwords for brokerage houses

    I just heard on the Clark Howard radio show that online brokerage firms are moving towards Web authentication technologies that require you to enter your password with your mouse. This is presumably to help keep the bad guys from gleaning your login credentials using keystroke loggers. I hear about this all the time - especially in the brokerage industry - where the bad guys capture your user name and password (off ...

  • 07 Feb 2008

    Be careful with old/backup files on your Web server

    If you're running an ASP-based site on an IIS server (of course), check for any old or backup .asp files that have been renamed with a .old, .bak, or similar extension. If present, the pages won't be rendered and delivered as the original ASP files would be. Instead, the actual source code is revealed. Not good for business. Oh, this could just as easily happen on other platforms. I just had Microsoft ...
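    Two checks a practitioner would want here: a scan of the webroot itself for renamed copies of server-side files, and, for a test from the outside, the list of backup-style URLs worth requesting for each page. The following is an added example, not code from the post; the source and backup extension lists are a constructed starting point rather than a complete catalogue, and the sample webroot it scans is built in a temporary directory for the demo. Whether a given server actually hands a renamed file out depends on its static-file and MIME configuration, so confirm each hit with a real request rather than trusting the filesystem scan alone.

```python
"""Added example (not from the original post): find old/backup copies of
server-side source files that a web server may serve as plain text.

Two helpers: a filesystem scan of a webroot and a generator of the
candidate URLs a tester would request. Extension lists and the sample
tree are constructed for the demo.
"""
import os
import tempfile
from typing import List

# Server-side source extensions whose contents should never be served raw.
SOURCE_EXTS = {".asp", ".aspx", ".ashx", ".php", ".jsp", ".cfm", ".config"}
# Suffixes editors and admins commonly leave behind (constructed list).
BACKUP_SUFFIXES = [".old", ".bak", ".orig", ".copy", ".tmp", ".txt", ".save", "~"]


def is_exposed_backup(name: str) -> bool:
    """True if name looks like a backup copy of a server-side source file,
    e.g. login.asp.bak, login.asp~, web.config.old."""
    lower = name.lower()
    for suffix in BACKUP_SUFFIXES:
        if lower.endswith(suffix):
            stem = lower[: -len(suffix)]
            if os.path.splitext(stem)[1] in SOURCE_EXTS:
                return True
    return False


def find_exposed_backups(webroot: str) -> List[str]:
    """Walk webroot and return sorted webroot-relative paths (with '/') of suspects."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for fname in files:
            if is_exposed_backup(fname):
                rel = os.path.relpath(os.path.join(dirpath, fname), webroot)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def backup_url_candidates(path: str) -> List[str]:
    """For a URL path such as /admin/login.asp, list the backup names worth
    requesting during a test: both login.asp.bak style and login.bak style."""
    base, ext = os.path.splitext(path)
    if ext.lower() not in SOURCE_EXTS:
        return []
    out = []
    for suffix in BACKUP_SUFFIXES:
        out.append(path + suffix)        # /admin/login.asp.bak
        if suffix != "~":
            out.append(base + suffix)    # /admin/login.bak
    return out


def demo() -> List[str]:
    """Build a constructed webroot in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        files = ["default.asp", "default.asp.bak", "admin/login.asp",
                 "admin/login.asp.old", "admin/login.asp~", "web.config",
                 "web.config.orig", "readme.txt", "styles.css.bak"]
        for f in files:
            full = os.path.join(root, *f.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write("<% ' server-side source %>\n")
        return find_exposed_backups(root)


if __name__ == "__main__":
    print(demo())
    print(backup_url_candidates("/admin/login.asp"))
```

    Note that web.config.orig is flagged alongside the .asp copies: a renamed configuration file leaks connection strings and keys, which is usually worse than leaking page logic. A clean scan of the webroot is necessary but not sufficient, since the same files can also sit in source repositories or deployment folders that happen to be mapped under the site.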

  • 18 Jan 2008

    Neat tool to fight off keystroke loggers in web apps

    I came across the XecureCK tool in Brien Posey's recent SearchWindowsSecurity.com article. It's an application-specific program that's downloaded as an ActiveX control that must be installed on the user's browser (sort of ironic, eh?). It essentially creates an encrypted link between the Windows keyboard driver and the Web site to keep the user's credentials safe and secure...at least the credentials for that one Web site. Thinking back to my days ...
