• 29 Oct 2010

    The business side of Web security (you can’t afford to ignore)

    Here's a new piece I wrote about the *other* aspects of Web security beyond the bits and bytes... Don't let this stuff catch you off guard. Preventing phishing attacks is not just a technical issue...

  • 27 Oct 2010

    Talk about old school…

    I recently came across a Web site I was creating an account for which stated the following for its login requirements: "Your user name & password must consist of letters in all caps 4-7 characters in length." Too funny...

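    As an added example (not part of the original post), the script below puts a number on that policy: it counts the passwords an all-caps, 4-7 character rule allows, estimates how long an attacker needs to try all of them at an assumed guess rate, and brute-forces a SHA-256 hash of a constructed sample password drawn from that space. The hash function, the guess rate and the sample password are assumptions for illustration; the site in question did not say how it stores credentials.

```python
"""Measure and brute-force the password space permitted by an all-caps,
4-7 character policy. Added example, not code from the original post."""
import hashlib
import itertools
import string

ALPHABET = string.ascii_uppercase  # the policy allows only A-Z
MIN_LEN, MAX_LEN = 4, 7


def keyspace_size(alphabet=ALPHABET, min_len=MIN_LEN, max_len=MAX_LEN):
    """Number of distinct passwords a policy permits: sum of |alphabet|^n."""
    return sum(len(alphabet) ** n for n in range(min_len, max_len + 1))


def seconds_to_exhaust(guesses_per_second, **policy):
    """Worst-case time to try every password at an assumed guess rate."""
    return keyspace_size(**policy) / guesses_per_second


def sha256_hex(password):
    """Unsalted SHA-256 stands in for whatever the site stores (assumption)."""
    return hashlib.sha256(password.encode("ascii")).hexdigest()


def crack(target_hex, alphabet=ALPHABET, min_len=MIN_LEN, max_len=MAX_LEN):
    """Enumerate the policy's keyspace shortest-first until a hash matches.

    Returns (password, guesses) on success or (None, guesses) if exhausted.
    """
    guesses = 0
    for n in range(min_len, max_len + 1):
        for chars in itertools.product(alphabet, repeat=n):
            guesses += 1
            candidate = "".join(chars)
            if sha256_hex(candidate) == target_hex:
                return candidate, guesses
    return None, guesses


if __name__ == "__main__":
    print(f"all-caps 4-7: {keyspace_size():,} passwords")
    # For comparison: mixed case plus digits, exactly 8 characters.
    strong = keyspace_size(string.ascii_letters + string.digits, 8, 8)
    print(f"[A-Za-z0-9]{{8}}: {strong:,} passwords ({strong // keyspace_size():,}x larger)")
    # 1e9 guesses/s is an assumed rate for fast unsalted hashing on a GPU.
    print(f"exhaustive search at 1e9 guesses/s: {seconds_to_exhaust(1e9):.1f} s")
    # Constructed sample credential; only the 4-letter slice is searched so
    # the demo finishes in well under a second.
    target = sha256_hex("ACME")
    print(crack(target, max_len=4))  # -> ('ACME', 1669)
```

    The whole 4-7 character uppercase space is a little over 8 billion passwords, roughly 26,000 times smaller than an 8-character mixed-case alphanumeric space; with no salt and a fast hash it is exhausted in seconds, and since the user name is drawn from the same tiny space, an attacker who can guess online does not even need to know who the account belongs to.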
  • 18 Oct 2010

    AppDetectivePro v7 worth checking out

    Have you checked out Application Security's (somewhat) new AppDetectivePro version 7? Have you even heard of AppDetectivePro? If not, it needs to be on your radar. It's a powerful database vulnerability scanner that can perform both unauthenticated penetration tests as well as authenticated audits of SQL Server, Oracle, MySQL, DB2, Notes/Domino and Sybase (wow) systems. A screenshot of a penetration test of an Oracle 11g-based system is shown below: AppDetective is ...

  • 18 Oct 2010

    Is this quote one of the contributing factors to lax infosec?

    Novelist Robert Heinlein once said "In the absence of clearly-defined goals, we become strangely loyal to performing daily trivia until ultimately we become enslaved by it." I suspect this is a large contributing factor to the lack of information security - and subsequent data breaches - in business today. Feel like you need a jump start on goal setting? Check out this piece I wrote on the subject: Eight steps to accomplishing your ...

  • 11 Oct 2010

    Got compliance? Here are some tips for moving ahead.

    Tired of "compliance"? Me too. But, it's still one of those necessary (arguably sometimes unnecessary) evils we must deal with in business today. Here are some new pieces I've written for the fine folks at SearchCompliance.com that will hopefully be of some benefit to you and your business:
    Priorities for your sound regulatory compliance management policy
    Put compliance management back into server virtualization
    Achieving compliance is about more than secure data encryption
    What compliance professionals ...

  • 06 Oct 2010

    911, what’s your emergency?

    There's a saying: when seconds count, the police are only minutes away. Maybe yes, maybe no - and like I just experienced, sometimes they may not care at all. Let me explain... Have you ever been driving down the road and witnessed someone driving completely erratically to the point where you think "WOW, that person is going to cause a wreck, soon." Well, I was out for a leisurely drive in ...

  • 04 Oct 2010

    Beware of the oversights w/default policies in Web vuln scanners

    I just ran some Web vulnerability scans against an app I'm testing using a couple of default/benign scan policies. Nothing big turned up. I re-ran the scan using a full scan policy that checks for everything and the new MS10-070 ASP.NET padding oracle vulnerability reared its ugly head... BIG difference in the outcome. Keep this in mind when checking for Web security flaws with your automated scanners and never ever completely rely ...

  • 30 Sep 2010

    Elcomsoft’s new Phone Password Breaker now supports the BlackBerry

    Elcomsoft's neat iPhone Password Breaker tool that can crack iPhone backup passwords just got 100% better. Now it's called Phone Password Breaker and supports BlackBerry backups. Nice. Combine such a tool with all the open shares and unstructured data scattered about the average network and you've got a pretty serious problem on your hands. That is unless you're using the tool in a security assessment and demonstrating the continued risks smartphones ...

  • 28 Sep 2010

    In the unlikely event you experience a security breach…

    If you've experienced a data breach - or, if you're into thinking long term, want to plan ahead in the event one does occur - here's an Entrepreneur Magazine bit from a PR specialist on how to handle a crisis. It doesn't have to be difficult, but you can pretty much bet it will be if you don't have a plan. For further reading, here are some pieces I've written about ...

  • 28 Sep 2010

    Don’t believe the hype

    In this piece, fellow SearchEnterpriseDesktop.com writer Mike Nelson does a good job railing against vendor FUD. His content ties right into my thoughts on all the IT and security marketing fluff we're exposed to. It's nuts. If you do anything, educate yourself on the basics before going in - before you buy any product or service... With Google, Bing, and all the good resources out there it's relatively simple to learn the ...
