-
11 May 2012Web application security assessment war stories
I spend a lot of time performing Web security assessments and every project is a neat learning experience for me. I'm always eager to share my Web security war stories, what to do and what NOT to do so here are some new pieces you may be interested in...From exploiting Web vulnerabilities to IT geek speak and a bunch of stuff in between, I hope there's something here for you:The ...
Continue Reading... -
10 May 2012
-
10 May 2012
Quote on reasoning with the unreasonable and why character is critical
Be it executives with their heads in the sand over security or know-it-all propeller heads who can't see the big picture of business risk, I've found that you just can't reason with the unreasonable. Here's something that Robert Schuller said that underscores the issue and helps us understand why being the bigger person is most important:"People are unreasonable, illogical and self-centered. Love them anyway. If you do good, people will ...
Continue Reading... -
03 May 2012
-
03 May 2012
The funny thing about iPhones & airplane toilets
My Delta co-passengers and I recently had the opportunity to experience a near 1-hour flight delay due to, none other than, some dude dropping his iPhone into the aft toilet on our fancy Boeing 757. I'm not making this up...Yep, there we were sitting at the gate and this guy comes up to the flight attendants to ask for some help getting his iPhone out of the crapper. Yuck! The ...
Continue Reading... -
25 Apr 2012
My webcast on software source code analysis
Here's a recent webcast I put together with the folks at Checkmarx (makers of a dandy source code analyzer) that you may be interested in:The business value of partial code scanningEnjoy!...
Continue Reading... -
23 Apr 2012
How are you spending your time?
Not long ago I had a conversation with a colleague of mine who's also a consultant. We were discussing the topic of how, even with today's shaky economy, people still goof off on the job as if they had nothing to lose.Are you seeing this too? I wrote about this phenomenon over three years ago. Funny how not much changes internally given all the external forces pressing down on us.Not ...
Continue Reading... -
16 Apr 2012
Basic features of WebInspect – the kind of stuff great scanners are made of
Wondering what helps minimize the pain, stress and time required to run effective Web vulnerability scans? It's the things you can see in the toolbar of HP's WebInspect: Start/Resume, Pause - because you're going to need to pause and resume your scans at some point.Rescan - because you're going to want to re-run the scan again or re-test for the flaws uncovered previously.Compare - because you're going to have a ...
Continue Reading... -
09 Apr 2012
-
08 Apr 2012
Disk encryption for HIPAA + HITECH & why BitLocker may not be the solution
I'm finally back in the swing of things after taking some time off for Spring Break. I hope you're enjoying your Spring as well.Here are two articles I've recently written about full disk encryption...arguably the greatest missing link in any given business's information security program.Things you need to think about regarding disk encryption and data protection for HIPAA and HITECHBitLocker’s improvements leave gaps to be aware ofEnjoy!As always, be sure ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:
