• 23 Apr 2010

    Re-post of my update on CSRF

    I was just informed by my editor at SearchSoftwareQuality.com that they're going to take my Ask the Expert response regarding CSRF (referred to in this post) offline until they've had a chance to review it. In the interest of not letting this fizzle out without people knowing what happened as well as maintaining my stance on the topic and further clarifying what I meant, here's the original question along with ...

  • 22 Apr 2010

    Great information security quote

    Socrates said it best: "The more you know, the more you realize you know nothing." How true this is in the context of information security. Funny how we start out knowing everything in our teens, think we know everything in our 20s, and, in our 30s and beyond, come to the realization that things are much more complex than we originally thought. Common sense - and humility - are the key ingredients ...

  • 19 Apr 2010

    Have you seen Win7’s Windows XP Mode?

    It's a great way for setting up a virtual testing environment. Here's a recent piece I wrote about it: Using Windows XP Mode for security testing in Windows 7. I'm really digging Windows 7... even if you just upgrade your own machine, Windows 7 has lots of things that will help you work more efficiently...

  • 17 Apr 2010

    Essentials for cracking SQL Server passwords

    Looking to check the resiliency of your Microsoft SQL Server systems? You may very well find that you don't have to look much further than weak/blank passwords to gain full access. I've come across a few vulnerable SQL Server systems via manual analysis. However, I couldn't live without a small set of SQL Server password cracking tools that you should check out as well. Here's a piece I wrote that can ...

  • 15 Apr 2010

    Using POST vs. GET

    Here's a piece I wrote recently for SearchSoftwareQuality.com: Why use POST vs. GET to keep applications secure. Sure, it's not cut and dried, but use the wrong one when you could've used the other and the resulting vulnerabilities can get ugly...

  • 15 Apr 2010

    Job hunting? How you can stand out & kick your competitors’ butts

    Looking for a job in IT or infosec? Here's what you need to do: Getting hired in IT: How to stand out...

  • 15 Apr 2010

    CSRF doesn’t matter?? The sky is falling!

    Here's a great piece where something I wrote put a grown man with a hacker handle's boxers in a bunch. With all due respect to what Robert has contributed to our field, he is missing the point of my 8 sentence statement about cross-site request forgery (CSRF) not being a top priority (formerly published on SearchSoftwareQuality.com). It reminds me of when I wrote about Changes coming to the OWASP Top ...

  • 14 Apr 2010

    A simple yet highly-effective career booster

    One of the best things you can ever do for your career in IT or information security is to network, network, network. It's all about who knows you. Here's what it takes: Networking to enhance your IT career...

  • 13 Apr 2010

    My (other) webinar this week: Strategies for Securing your Enterprise for Success

    If you're around at 2pm ET this Thursday (tax day, woohoo!) please join me for another free webinar: Strategies for Securing your Enterprise for Success. As with all my webinars/webcasts I'll keep it short and sweet - I'll talk for ~20 minutes and we'll have a Q&A at the end. You can register here: https://credantevents.webex.com/credantevents/onstage/g.php?t=a&d=660432648 "See" you there!...
