• 17 Jun 2010

    Looking under the hood of the new OWASP Top 10 for 2010

    While I'm on a roll posting some recent content I thought I'd list this one as well:The new OWASP Top 10 for 2010 – Risk and RealitiesIn this piece I wrote for Acunetix's blog I talk about what the new OWASP Top 10 for 2010 is about, what it's not, and some considerations for leveraging it to help you minimize your business risks....

    Continue Reading...
  • 17 Jun 2010

    Got Domino? Don’t forget about security.

    Like Novell NetWare, there's plenty of Domino still running out there so we certainly can't be lax on security for that platform. Here are a couple of pieces I wrote regarding Domino security that you may be interested in:Domino security vulnerabilities to watch forGetting started with hardening Domino...

    Continue Reading...
  • 10 Jun 2010

    iPad “breach” – another sensationalistic Web flaw

    NewsFactor has a nice piece on the recent AT&T iPad "breach" that tells the story of how a code on AT&T's site was cracked exposing email addresses of iPad users. So, some criminals gleaned some email addresses from a telecom provider...In the grand scheme of things: big deal.I agree with Sophos' Paul Ducklin - I think this is being overblown...just like the sensationalism brought forth by my recent bit on ...

    Continue Reading...
  • 23 Apr 2010

    Re-post of my update on CSRF

    I was just informed by my editor at SearchSoftwareQuality.com that they're going to take my Ask the Expert response regarding CSRF (referred to in this post) offline until they've had a chance to review it. In the interest of not letting this fizzle out without people knowing what happened as well as maintaining my stance on the topic and further clarifying what I meant, here's the original question along with ...

    Continue Reading...
  • 15 Apr 2010

    Using POST vs. GET

    Here's a piece I wrote recently for SearchSoftwareQuality.com:Why use POST vs. GET to keep applications secureSure, it's not cut and dried but use the wrong one when you could've used the other, the resulting vulnerabilities can get ugly....

    Continue Reading...
  • 15 Apr 2010

    CSRF doesn’t matter?? The sky is falling!

    Here's a great piece where something I wrote put a grown man with a hacker handle's boxers in a bunch. With all due respect to what Robert has contributed to our field, he is missing the point of my 8 sentence statement about cross-site request forgery (CSRF) not being a top priority (formerly published on SearchSoftwareQuality.com). It reminds of me when I wrote about Changes coming to the OWASP Top ...

    Continue Reading...
  • 13 Apr 2010

    My webinar this week: Data Protection: The Realities of Proactive vs. Reactive

    Join me tomorrow around lunchtime (or breakfast depending on where you're at) for a webinar on Data Protection: The Realities of Proactive vs. ReactiveI'm going to talk for ~20 minutes and we'll have a Q&A at the end.It's at 12pm ET and you can register here:https://www1.gotomeeting.com/register/936383032Hope to "see" you there!...

    Continue Reading...
  • 02 Apr 2010

    THE process for successful Web security testing

    Here's a new piece I wrote for SearchSoftwareQuality.com where I talk about the lifecycle of testing for Web security flaws. From obtaining buy-in to reporting to the stakeholders, it's a process you need to master.Security testing best practices for today's Web 2.0 applications...

    Continue Reading...
  • 30 Mar 2010

    A couple of neat things about WebInspect

    If you're into finding the Web security flaws that matter HP's WebInspect should be on your short list of prospective Web vulnerability scanners. Over the past six months WebInspect has repeatedly found a couple of items that I know I otherwise wouldn't have uncovered or been able to exploit to the extent I did.The first is SQL injection. WebInspect does a very good job finding the actual flawed inputs but ...

    Continue Reading...
  • 29 Mar 2010

    Don’t forget about XSS *behind* the login prompt

    Don't assume that your Web security concerns stop at the login prompt. Here's a new piece I wrote where I talk about cross-site scripting (XSS) and whether or not it matters for logged-in users:Authenticated XSS - problem or not?...

    Continue Reading...

Success expert Brian Tracy shares his thoughts on Kevin:

Resources

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:


Hacking For Dummies, 8th edition penetration testing book

Tags

AI appsec basics books Career Networking careers censorship cervical instability CIO compliance coronavirus covid-19 cybersecurity data breaches discipline eagle syndrome hacking Hacking For Dummies health helmet communications incident response keynote speaker leadership NCAA football networking outsourcing passwords policy enforcement Power Four rare diseases resilience Russian hacking security security leadership security speaker social engineering speaking engagements tethered spinal cord tiktok time management underimplemented vulnerability and penetration testing web security willingness zero-based thinking

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.