-
12 Feb 2012SQL injection cheatsheet & tips for getting management on board
Here's a neat "cheatsheet" on SQL injection by NTObjectives that outlines some common attack strings, commands and so forth. Their SQL Invader SQL injection tool is worth checking out as well. If you're having trouble selling management on the dangers of SQL injection, check out this piece I wrote about it not long ago: SQL Injection – The Web Flaw That Keeps on Giving Ten Ways to Sell Security to ...
Continue Reading... -
10 Feb 2012
Video: The one infosec skill you need to be working on
Develop and maintain this one skill and you'll position yourself to be a much more valuable information security professional: ...
Continue Reading... -
09 Feb 2012
Video: My new whitepaper on advanced malware and how Damballa Failsafe fits in
Introduction to the threat we're facing and my new whitepaper The Malware Threat Businesses are Ignoring and How Damballa Failsafe Fits In: ...
Continue Reading... -
08 Feb 2012
Video: My new whitepaper on SQL Server security threats & compliance
Check out my new whitepaper The SQL Security Security Threat - It's closer than you think sponsored by Idera:...
Continue Reading... -
08 Feb 2012
What’s it going to take for police departments to secure their websites?
Here's yet another story about a police department website being compromised by criminal hackers. When a regular citizen's home address is exposed, that's one thing. But when the addresses of police chiefs are published online, that opens up an entirely new set of risks for their personal safety. Sad. Hey, at least the police chiefs I know are armed and well-trained experts. Would be pretty foolish to try and attack ...
Continue Reading... -
08 Feb 2012
Introducing my information security YouTube channel – PrincipleLogic
Check out my new YouTube channel (www.youtube.com/PrincipleLogic): I'm really excited about this. More videos coming soon.I plan to post video blogs once or twice a week so be sure to subscribe on YouTube or via my RSS feed.Enjoy!...
Continue Reading... -
06 Feb 2012
My new material on Web application & website security
Here are several new pieces I've written on Web site/application security. Lots of angles and considerations:There’s more to web security than meets the eyeWeb passwords are often the weakest linkTo validate or not, is that the question?Protecting FTP services running on your Web serverThe critical Web-based systems that are going untested and unsecuredGood Web Security Tools and Why They MatterWhy you need intruder lockoutWeb security is like the layers of ...
Continue Reading... -
31 Jan 2012
Where’s your information security focus?
You cannot change facts (i.e. the industry your business is in, the regulations it's up against, the type of sensitive information you're responsible for managing, etc.) but you can change problems (i.e. user behavior, wayward goals, management not on board with security, etc. ).As the philosopher James Burnham once said: "If there is no alternative, there is no problem." In the case of information security, there are tons of alternatives to ...
Continue Reading... -
27 Jan 2012
You cannot multiple security by dividing it – Infosec’s relationship with Socialism
I'm not much into urban legends and the like but came across this bit the other day and it really made me think. What a great analogy that impacts all of us both personally and professionally with some interesting information security and compliance tie-ins that I see all the time:An economics professor at a local college made a statement that he had never failed a single student before, but had ...
Continue Reading... -
26 Jan 2012
Evanta CISO event and why St. Jude’s has it right
This week I had the opportunity and privilege to serve as a panelist on mobile security at the Evanta CISO Executive Summit in Atlanta. What a neat event...it wasn't just another infosec show. It was unique in its focus and well run by Corrine Buchanan and Mitch Evans who always seemed to have a smile on their faces - something we don't see enough of at these types of shows. ...
Continue Reading...
Resources
Client Testimonials
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”
(IT managed services firm)
I’ve written/co-written 12 books on information security including:
