• 15 Sep 2010

    Hacking Methodology chapter available for download

    Chapter 4 of the latest edition of my book Hacking For Dummies is now available for download on TechTarget's SearchWindowsServer.com. If you like what you see, here's a direct link to the book on Amazon where you can save 34% off the cover price: Happy ethical hacking!...

  • 14 Sep 2010

    Preventing email denial of service when scanning Web apps

    Here's a new piece I've written that outlines one of those pesky Web scanning problems most of us have been affected by in some way or another: Ways to avoid email floods when running Web vulnerability scans. Hope this helps!...

  • 12 Sep 2010

    You cannot secure what you don’t acknowledge

    Here's a piece I wrote for SearchSMBStorage.com on storage security... specifically, some must-have tools for finding storage-related security flaws in small businesses: Five must-have data storage security tools for smaller businesses. If you don't know what's where, it'll be impossible to keep it secure....

  • 08 Sep 2010

    Security’s not just an executive decision

    I recently came across this quote by Peter Drucker that struck a chord: "Most discussions of decision making assume that only senior executives make decisions or that only senior executives' decisions matter. This is a dangerous mistake." It reminds me of how certain executives decide that information security is something that doesn't affect their business regardless of what others are telling them. I'm sure many of these executives' subordinates are ready and willing ...

  • 08 Sep 2010

    What’s Better for Your Information Security Career – Certifications, a Degree, or Good Old-Fashioned Experience?

    Here's a piece I wrote on information security careers and what's best for getting ahead: What’s Better for Your Information Security Career – Certifications, a Degree, or Good Old-Fashioned Experience? If you want to learn more on the go, I also have a Security On Wheels audio program on this topic that picks up where my article leaves off: Certifications, Degrees, or Experience - What's Best for Your Security Career?...

  • 08 Sep 2010

    Good rule of thumb for information security

    Thomas Jefferson once said: "Learn to see in another's calamity the ills that you should avoid." If you want to manage information risks and keep your business out of hot water, I can't think of a better principle to work by....

  • 07 Sep 2010

    The key to accurate and insightful Web security scans

    You've likely found that Web vulnerability scanners aren't just point-and-click. Maybe so for relatively simplistic marketing websites, but not for complex applications. In fact, one of the greatest ways to get a grand false sense of security is to turn a Web vulnerability scanner loose on your site/application and assume everything of consequence has been discovered and audited. The thing is, we're now seeing an entirely new set of Web applications ...

  • 06 Sep 2010

    Securing and hacking Windows go hand in hand

    Computer hacking concepts extend to every nook and cranny of what we work with on a daily basis. Front and center are Windows-based servers. A large part of what I do in my work performing internal security vulnerability assessments - a.k.a. pen tests and audits - involves Windows servers. There's so much you can do to build up Windows server security and so much you can take to bring it ...

  • 02 Sep 2010

    Crunch risk numbers or fix the obvious?

    My colleague Ben Rothke (@benrothke) recently wrote a good piece on basing information security decisions on good data. I like his approach - it'll make you think. It's true we do need good data so we can make better decisions. Sadly, we often don't have the data or, if we do, we're not qualified to interpret it. Maybe it's just me, but I don't believe my degrees in computer engineering and ...

  • 02 Sep 2010

    The case for zero-day testing

    Here's a good piece by David Maynor regarding penetration testing and whether or not zero-day exploits should be used. I agree with David. With penetration testing, ethical hacking, vulnerability assessments - whatever you want to call them - anything should be fair game. That is, if you want a real-world view of what's at risk. Limiting your tests could skew the results and you'll end up with a false ...
