• 20 Apr 2016

    What you need to know about Checkmarx CxSAST version 8

    Application security tool version upgrades usually don't excite me as it's often the same old, same old with a few new checks and niche features. However, the new version of Checkmarx CxSAST (formerly CxSuite, CxDeveloper, etc.) is spot-on. The next generation of the popular static source code analyzer - version 8 - was recently released and it contains some much-needed improvements over its predecessor. One thing that's glaringly evident in version 8 ...

  • 14 Apr 2016

    Will the DBIR include Verizon’s latest breach?

    I'm a little late to pull the trigger on this but felt compelled to ask the question nonetheless: Will Verizon include its recent breach in its (presumably) forthcoming Data Breach Investigations Report? ... It's related to this press release I received ~3 weeks ago: ...

  • 13 Apr 2016

    Why data classification is a joke

    I just saw this post on Slashdot about 0bama saying that classified means whatever it needs to mean. It reminds me of how data classification is treated as an information risk management function in the enterprise: mostly non-existent. Data classification programs that do exist are typically a joke whereby IT and security handles everything with no involvement from the business or legal, or legal handles everything with IT and security being ...

  • 21 Mar 2016

    Network complexity + intrusions = you’re not on top of things as much as you think.

    Here are some new articles and guest blog posts that I've written on the subject of network complexity, intrusions, and how most people have a false sense of security. Enjoy! Dealing with today’s information systems complexity; Network complexity: Bad for Business, Great for Job Security; Knowing the warning signs of network intrusions; During and after a breach, all eyes are on you; Five network security lessons learned from the Sony Pictures hack; A perspective on the ...

  • 02 Mar 2016

    A patch for stupid, PCI DSS penetration testing tips, and focusing on what matters in security

    The following are some new articles I've written for TechTarget and Ziff Davis. Enjoy! Maybe there is a patch for stupid; Six areas of importance in the PCI Penetration ...

  • 22 Feb 2016

    New independent content on information security

    Here are some articles and guest blog posts I've written for my friends at TechTarget, Ziff Davis, AlgoSec, and Rapid7: Key Network Security Questions You Need To Ask Your Cloud Vendors - Now!; Everything happens for a reason in security; How one bad decision brought down an enterprise e-commerce site in minutes; With security, periodic and consistent is key; How emerging threat intelligence tools affect network security; The science behind ...

  • 25 Jan 2016

    LUCY – a very powerful email phishing tool

    If you're an IT or information security professional you need to know about a great - and relatively new - tool that you can use as part of your security assessment and/or user awareness and training programs...it's called LUCY. I came across a small online blurb about LUCY a few months ago and thought I would check it out. Having dealt with both open source and commercial email phishing tools ...

  • 20 Jan 2016

    Worst passwords (on your network right now)

    The fifth-annual Worst Passwords List put out by SplashData is here and the findings aren't terribly surprising. Here are the top five: #1: 123456, #2: password, #3: 12345, #4: 12345678, #5: qwerty. Good stuff! What's that quote about insanity? One of those security basics that we'll likely continue to ignore until the end of time. That's alright, as some of the best sideline analysts will proclaim: we need not focus on such trivial things. Well, they ...

  • 16 Jan 2016

    Tips for taking your information security program to the top

    Ready to make some changes to your information security program for 2016? You need to read these pieces I've recently written: Setting and achieving realistic information security program goals for 2016; Information security's chicken and egg problem (formerly published at toolbox.com); Security's gaping hole - policy enforcement (formerly published at toolbox.com); Four reasons people aren't buying what you're selling in IT (formerly published at toolbox.com); When security policies are bad ...

  • 14 Jan 2016

    Hacking For Dummies, 5th edition – Brand new and more of what it oughta be

    It's official - the 5th edition of my book Hacking For Dummies is out! Outside of the first edition that was written 13 years ago, this new edition has, by far, the most updates and improvements yet. All based on the mistakes I make and the things I learn in my hands-on work performing independent security vulnerability assessments and penetration tests, I feel like Hacking For Dummies has come of age. In ...
