-
22 Nov 2013A great infosec quote
The late (and great) Jim Rohn once said:“If you really want to do something, you'll find a way. If you don't, you'll find an excuse.” Oh my...so many information security tie-ins. ...
Continue Reading... -
13 Nov 2013
Reaver Pro: a simple tool for cracking WPA on a LOT of wireless networks
If wireless security testing is on your radar, you need to get Reaver Pro. As I outlined in this Hacking For Dummies, 4th edition chapter, Reaver Pro is a great tool for cracking the WPA pre-shared key on all those consumer-grade wireless APs/routers that everyone installs in the enterprise. The latest version of Reaver Pro is very simple to use. No live CDs or VMs to boot. You simply connect ...
Continue Reading... -
11 Nov 2013
My latest security content (lots of stuff on application security)
I thought you might be interested in my latest articles/tips on web and mobile application security:Why you need to pay attention to the slow HTTP attackLessons learned from a web security breachApplication security calls for a proactive approachUnderstanding the value of the OWASP Top 10 2013The Role Of An Automated Web Vulnerability Scanner In A Holistic Web Security AuditAre Obamacare’s health insurance exchanges secured? Likely not. Can software quality pros ...
Continue Reading... -
18 Oct 2013
What you need to know about security vulnerability assessments (that no one is willing to share)
I'd love it if you'd join me over at SearchSecurity.com next week where I'll be talking about the rest of the story regarding security assessments...You know the tools and you're probably familiar with the methodologies...that's why I'm going to share with you many other important aspects of security assessments that, unless someone tells you, you'll likely only learn the hard way. And that's no fun.In my webcast What you need ...
Continue Reading... -
08 Oct 2013
Windows 8.1 changes/enhancements, BitLocker’s improvements, and related Windows mobile/security tips
In addition to my independent information security assessments through my consultancy Principle Logic, I've been writing a ton...including a lot on Windows 8 and 8.1. Check out these new pieces published by my friends at TechTarget:What's old, what's new for the enterprise with Windows 8.1Understanding why Windows 8 for mobile is perfectly viable for enterprise use Don’t forget enterprise password protection in a merger or acquisition Three ways Sysinternals Process Explorer ...
Continue Reading... -
07 Oct 2013
Experiencing problems with authenticated web vulnerability scans? Try NTOSpider.
You're performing authenticated web vulnerability scans, right? If you're not, you're missing out...big time. When performing authenticated scans, you'll find a whole different set of security flaws likely consisting of session fixation, SQL injection (that often differs among user role levels), weak passwords, login mechanism flaws, and perhaps...just maybe that beloved cross-site request forgery flaw that may or may not be exploitable or even matter in the context of what ...
Continue Reading... -
06 Sep 2013
Sprechen Sie Deutsch? Hacking For Dummies now in German!
Check out the latest foreign-language edition of my book Hacking For Dummies:Hacking For Dummies is now in 6 languages: English, Estonian, German, Italian, Portuguese, and Simplified Chinese.Very cool. If you're like me and English is pretty much your only language, you can see more about that version here.Prost!...
Continue Reading... -
14 Aug 2013
Municipal information security weaknesses, hacking, careers, & committees
Here's some new content I've written recently on various information security topics you might be interested in:Government Security: Uncovering Your Weaknesses (common vulnerabilities I see when performing security assessments for municipalities)Eight questions to ask yourself before moving to C-suite management (are you really sure you want to do this!?)IT career paths: Working for yourself is an attainable dream (if you want to stop working for the man)Top 9 ways to ...
Continue Reading... -
12 Aug 2013
You can’t see the light ’til you open your eyes…
I noticed a lot of interesting topics/news coming from the Black Hat conference last week such as: SSH Communications Security Unveils General Availability Of SSH Risk Assessor ToolPreparing For Possible Future Crypto AttacksCrack of mobile SIM card crypto and virtual machine features could let an attacker target and clone a phone HTTPS Hackable In 30 Seconds: DHS AlertNo doubt, these are all worthy topics that will help improve information security over the ...
Continue Reading... -
18 Jul 2013
Authenticated vulnerability scan pains…Rapid7 to the rescue.
Apparently the folks at Rapid7 have people working on their Nexpose team that have actually performed security assessments for a living. You see, Nexpose has this seemingly trivial feature that can create a world of difference in the life of a security practitioner - it's part of the Site Configuration (i.e. scan settings) called Test Credentials as seen in the following screenshot: Sanity brought about by people who use their own ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
