• 12 Aug 2010

    Apple’s iPad – a forensic investigation in the making?

    Here's a new piece I wrote for SearchCompliance.com regarding the realities and risks of iPads in the enterprise.
    Enterprise iPads: Compliance risk or productivity tool?
    Simply put, they're not all that different than other mobile computing devices but they do bring something unique to the table... Speaking of "i" devices in the enterprise, here's a great read I saw recently in Information Week that outlines a scenario that's at the root of ...

  • 12 Aug 2010

    Metasploit enters the Web arena

    OK, Metasploit has had several Web-related exploits for years but HD and company are now getting serious about taking Web application scanning and exploitation to the next level. As with Metasploit and Metasploit Express, there's only so much you can do with scanner and exploit tools so the verdict is still out. I love this innovation nonetheless....

  • 11 Aug 2010

    Is car hacking the next big thing?

    For years I've been telling close friends who share my motorsports passion that we're going to start seeing cars getting hacked. I believe this to be especially true once cars are online and communicating with the "smart highway" system we're slowly approaching. Well, we're now starting to see the beginning of such hacks. Some research was uncovered earlier this year on how a car's ECU (electronic control unit) can be manipulated ...

  • 11 Aug 2010

    Great information security quote (don’t believe the hype)

    There's a Japanese proverb that fits nicely into infosec: "If you believe everything you read, perhaps it's better not to read." Be it F.U.D., vendor hype, or "experts" who claim the sky is falling with every new exploit they uncover - you ultimately need to focus on doing what's best in your environment under your terms....

  • 11 Aug 2010

    Avoid the temptation to go nowhere

    The cancellation of Tony Robbins' show after just two episodes underscores how many people aren't interested in learning more about getting ahead in life. Instead, mindless drivel is the "norm" of today. If you want to make things happen, dare to be different....

  • 09 Aug 2010

    How you can get developers on board with security starting today

    Some people - including a brilliant colleague of mine - think security is not the job of software developers. In the grand scheme of things I think such an approach is shortsighted and bad for business. It's kind of like an auto assembly line worker not being responsible for the quality of his work or citizens not being responsible for their own healthcare (oh wait!) or why the bottom 50% ...

  • 09 Aug 2010

    A bit of inspiration

    I'm back from my last break of the summer and thought I'd share this quote I came across for a bit of inspiration: "A successful life is one that is lived through understanding and pursuing one's own path, not chasing after the dreams of others." -- Chin-Ning Chu
    This reminds me of another great quote which says "If you don't have goals for yourself you're doomed forever to achieve the goals of ...

  • 29 Jul 2010

    Neat demo of XSS on Facebook

    Here's an informative video and accompanying article by the folks at Acunetix showing the exploitation of XSS on Facebook. It demonstrates how XSS can not only be made into a serious flaw but also how it's carried out in the background without the user ever knowing about it....

  • 21 Jul 2010

    Good Web application security resource

    In typical monster corporation style, Hewlett-Packard's Web site is painfully difficult to browse around, much less find what you're looking for when it comes to, well, pretty much anything. There is an exception however that benefits all of us in information security. It's HP's Application Security Center Resource Library. It's chock full of goodies from HP (and former SPI Dynamics) engineers, developers, and Web security evangelists. In addition to more recent ...

  • 20 Jul 2010

    Sometimes it’s the little things that’ll get you

    If you're like me you've likely experienced in your daily life how something seemingly innocuous or too simple can create a big problem. Here's a new piece I wrote where I talk about this issue with regards to Web security:
    Web security oversights: Don’t overlook the “small” stuff
    With information security there's usually no need to sweat the small stuff....just don't overlook it altogether!...
