-
16 Sep 2009My latest security content
Here's my latest information security content. Hope you enjoy!Big IT Lessons Small Businesses Can Learn (an IncTechnlogy.com piece I contributed to)How often should I change the passwords for my bank and other important online accounts? (a Women's Health magazine piece I contributed to)Web 2.0 application security troubleshooting, testing tutorialHIPAA-covered entities, business associates confront HITECH Act rulesTen sure-fire ways to derail your career in IT What you should know about cloud ...
Continue Reading... -
02 Sep 2009
Interesting flaw in Sears’ Web site all too common
Check out this bit about a security flaw recently revealed on Sears' Web site. As the researcher alluded to, hacking and security are way more than people exploiting known software flaws. There are so many other security issues with Web applications. I see it all the time when doing my manual analyses on Web sites/applications. The sky is the limit for these business logic vulnerabilities and I suspect it'll always ...
Continue Reading... -
19 Aug 2009
No soup for you….20 years!
Here's a bit on the recent indictment of a Florida man known as the soupnazi (man, I miss Seinfeld) and two Russians for the data breaches of Heartland, Hannaford, and many others. Facing 20 years and a $250,000+ fine and he still has other cases pending!The funny thing is that he's a former informant to the U.S. Secret Service!Lesson to be learned: test your systems for security vulnerabilities before the ...
Continue Reading... -
10 Aug 2009
Finally, an upgrade to ISA Server
Here's a bit about Microsoft's forthcoming Threat Management Gateway. Certainly worth considering if you're an ISA Server fan and potentially a competing solution to some of the third-party gateway security solutions on the market....
Continue Reading... -
05 Aug 2009
Why you need to read privacy policies
In case you haven't heard, apparently our Imperial Federal Government was at it again with their recent draconian privacy policy on the Cash for Clunkers web site. Here's a snippet of the policy:"Any or all uses of this system, any or all uses of this system and all files on this system may be intercepted, monitored, recorded, copied, audited, inspected, and disclosed to authorized CARS, DOT, and law enforcement personnel ...
Continue Reading... -
22 Jul 2009
Neat tool for keeping the riff-raff off your Web systems
I'm not sure how big a problem content and bandwidth theft are but I suspect they're getting worse with blogging, Twitter, and so on. If this is something that's affecting you, check out LinkDeny. Pretty cool solution for keeping junk requests away from your IIS-based sites/apps....
Continue Reading... -
22 Jul 2009
My latest security content
Here's my latest information security content you may be interested in:E-discover the gaps in your information management processWeb security problems: Five ways to stop login weaknessesFixing four Web 2.0 input validation security mistakesSpotting rich Internet application security flaws with WebGoatCommon causes of Windows server security vulnerabilitiesManaging multiple passwords in WindowsAs always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts, my Twitter updates, ...
Continue Reading... -
16 Jul 2009
Another ridiculous way of handling Web passwords
I use iContact's marketing service. It's an overall great app and reputable company but they've now made my list of ridiculous password requirements. I was logging in to their site today using what I consider to be a strong password and got this message:As part of our latest application security upgrade, iContact has strengthened the criteria for account passwords. To access your account, you must first reset your password.So I ...
Continue Reading... -
26 Jun 2009
My latest security content
Here's my latest information security content you may be interested in: Testing rich Internet applications for security holes The pros and cons of host-based vs. appliance-based tape encryption As always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts and more....
Continue Reading... -
22 Jun 2009
My latest security content
OK, I've been busy and my articles have been stacking up. Here's the first set that were recently published. More to come later this week.Dumb things IT consultants doWhy it may not be ideal for your lawyer to be your compliance officerKeys to finding your IT consulting nicheIs all the PCI DSS compliance whining and complaining justified?Scoping your Web app security assessments for successEnjoy!As always, be sure to check out ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
