• 07 Sep 2010

    The key to accurate and insightful Web security scans

    You've likely found that Web vulnerability scanners aren't just point-and-click. Maybe so for relatively simplistic marketing websites but not for complex applications. In fact, one of the greatest ways to get a grand false sense of security is to turn a Web vulnerability scanner loose on your site/application and assume everything of consequence has been discovered and audited. The thing is we're now seeing an entirely new set of Web applications ...

  • 06 Sep 2010

    Securing and hacking Windows go hand in hand

    Computer hacking concepts extend to every nook and cranny of what we work with on a daily basis. Front and center are Windows-based servers. A large part of what I do in my work performing internal security vulnerability assessments - a.k.a. pen tests and audits - involves Windows servers. There's so much you can do to build up Windows server security and so much you can take to bring it ...

  • 02 Sep 2010

    Crunch risk numbers or fix the obvious?

    My colleague Ben Rothke (@benrothke) recently wrote a good piece on basing information security decisions on good data. I like his approach - it'll make you think. It's true we do need good data so we can make better decisions. Sadly, we often don't have the data or, if we do, we're not qualified to interpret it. Maybe it's just me but I don't believe my degrees in computer engineering and ...

  • 02 Sep 2010

    The case for zero-day testing

    Here's a good piece by David Maynor regarding penetration testing and whether or not zero day exploits should be used. I agree with David. With penetration testing, ethical hacking, vulnerability assessments - whatever you want to call them - anything should be fair game. That is if you want a real-world view of what's at risk. Limiting your tests could skew the results and you'll end up with a false ...

  • 31 Aug 2010

    NetScan Tools LE – a must-have for investigators

    Have you ever had a need to run a program and get a relatively small amount of data just to do your job but end up getting caught in the complexity of the application and not getting what you need after all? That's happened to me a bunch. Well, NorthWest Performance Software (makers of a long-time favorite of mine: NetScanTools Pro) has a new tool that helps resolve this problem called ...

  • 30 Aug 2010

    “New” Web security content to check out

    Here are several new links to some recent (and, due to my crazy year, not so recent) articles I've written for various TechTarget sites on the subjects of Web application and server security:

      • Web server weaknesses you don't want to overlook (the "rest of the story" of Web flaws)
      • SQL injection tools for automated testing (a must-have for your toolkit)
      • Beefing up SSL to ensure your applications are locked down (good for some ...

  • 27 Aug 2010

    HIPAA & HITECH: new requirements + same approaches = new book

    My colleague and co-author Becky Herold and I are working on the second edition of our HIPAA book and I'm realizing, wow, not much has changed in the way of managing information risks since we first wrote it in 2003. Yet, the protected health information breaches keep on occurring (look at the two latest ones from this week). Stay tuned though... we've got lots of good updates and new info forthcoming on ...

  • 27 Aug 2010

    Work harder on yourself than you do on your job

    Many people want to take the easy path that promises to lead them to their riches rather than work hard over the long term and earn it the good old-fashioned way. It's the lottery mentality. James Allen said it best: "Men are anxious to improve their circumstances, but are unwilling to improve themselves; they therefore remain bound." Want to begin improving your circumstances in your life and in your IT/security ...

  • 26 Aug 2010

    Good new book on security awareness

    I have to admit, when my colleague Marcos Christodonte first approached me about reviewing his new security awareness book, Cyber Within, I thought here's yet another book on boring old security awareness. I was wrong. Cyber Within takes a very unique (suspense novel-like) approach to address the problem we have with employees and information security. And it works. The book is a quick read - just 47 pages - but it's ...

  • 26 Aug 2010

    Acunetix WVS v7 – grand improvements in the making

    When I find a good security tool I not only love using it but I love telling everyone about it. Having gone down this road many times myself, I understand the time, money, and hassle associated with investing in security tools that aren't all that. Well, here's one for you: Acunetix Web Vulnerability Scanner (AWVS) version 7 (it's currently in beta and free for you to try). The folks at ...
