-
27 Jun 2011Dropbox “bug” = why the cloud cannot be blindly trusted
I've been ranting about "the cloud" (what a tired term) for a couple of years now. As if we haven't seen enough examples lately of why we cannot put all our eggs in the cloud basket, here's one more with the "code bug" that impacted Dropbox's authentication mechanism over the weekend.Sure, Dropbox isn't an enterprise cloud app per se but I'll guarantee you it's impacting your enterprise this very moment. ...
Continue Reading... -
13 Jun 2011
New WebsiteDefender from @Acunetix worth a look-see
The folks at Acunetix have a neat new product/service called WebsiteDefender. I've yet to try it myself but it looks promising - fills a nice niche.WebsiteDefender is an agent-based tool for websites and WordPress-based blogs that:Scans your site for security flawsDetects malware running on your siteAlerts you to suspicious web site activity including file changesThe obvious benefit is to have a more secure online presence but as Acunetix is marketing ...
Continue Reading... -
25 May 2011
Web appsec compliance & low-hanging fruit – it’s all up to us!
Here are some recent pieces I wrote on Web application security common sense for my colleagues at Acunetix that you may be interested in:But Compliance is Someone Else’s Job!Low-hanging fruit becomes big news with the 2011 Verizon Data Breach reportGoing Beyond Confirmed Web Security FlawsEnjoy!As always, be sure to check out www.principlelogic.com/resources.html for links to my 500+ articles, whitepapers, podcasts, webcasts, books and more....
Continue Reading... -
01 Apr 2011
Web security tidbits on developers, leadership, weak passwords & more
Here are a few pieces I've written recently on Web application security you may be interested in...things that affect each and every one of us working in IT and infosec:I wouldn’t want to be a developer these daysDon’t overlook the importance of authenticated testingYou can’t change what you tolerateTesting for weak passwords: a common oversight without a great solutionHow often should you test your web applications?Notable changes in the PCI ...
Continue Reading... -
28 Mar 2011
A quick review of WebInspect 9 shows HP’s still got it
It's been a long time coming but it's finally here: HP's WebInspect version 9. I've been using WebInspect for nearly 10 years now and I believe this new version of WebInspect is one of the most significant upgrades they've put out. They've essentially taken what was already one of the best Web vulnerability scanners and have made it better, especially when it comes to workflow and streamlined usability.A few things ...
Continue Reading... -
06 Feb 2011
Lessons on Web security threats and testing
Here are some recent webcasts/podcasts I recorded for SearchSoftwareQuality.com (@SoftwareTestTT) on Web application security:Security Lesson: Beating Web application security threatsSecurity Lesson: How to test for common security defectsI feel like I'm just scratching the surface on this topic but, thinking about what's going on out there, many people have yet to realize there's even a problem. Focus on these basics and you're going to eliminate the large majority of Web ...
Continue Reading... -
24 Jan 2011
Web application security testing: how much is enough?
How often should you test your Web sites and apps for #security flaws? Well, it depends of course! Here's a new bit I wrote where I delve into the different variables and things you need to be thinking about:How often should you test your web applications?Enjoy....
Continue Reading... -
16 Nov 2010
Becoming a more refined Web security expert
Here are some recent pieces I've written on Web application security and testing that you may be interested in. From getting started in your career to cloud security to doing Web application security testing the right way...check 'em out:The secrets to getting started in your software testing careerFour skills that will make you a better web security professionalBuilding solid security requirements Security oversights in the cloud: Asking the tough questionsWhy ...
Continue Reading... -
29 Oct 2010
The business side of Web security (you can’t afford to ignore)
Here's a new piece I wrote about the *other* aspects of Web security beyond the bits and bytes...Don't let this stuff catch you off guard.Preventing phishing attacks is not just a technical issue...
Continue Reading... -
27 Oct 2010
Talk about old school…
I recently came across a Web site I was creating an account for which stated the following for its login requirements:Your user name & password must consist of letters in all caps 4-7 characters in length.Too funny......
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
