• 17 Apr 2010

    Essentials for cracking SQL Server passwords

    Looking to check the resiliency of your Microsoft SQL Server systems? You may very well find that you don't have to look much further than weak/blank passwords to gain full access. I've come across a few vulnerable SQL Server systems via manual analysis. However, I couldn't live without a small set of SQL Server password cracking tools that you should check out as well. Here's a piece I wrote that can ...

  • 15 Apr 2010

    Using POST vs. GET

    Here's a piece I wrote recently for SearchSoftwareQuality.com: Why use POST vs. GET to keep applications secure. Sure, it's not cut and dried, but use the wrong one when you could've used the other and the resulting vulnerabilities can get ugly....

  • 15 Apr 2010

    Job hunting? How you can stand out & kick your competitors’ butts

    Looking for a job in IT or infosec? Here's what you need to do: Getting hired in IT: How to stand out...

  • 15 Apr 2010

    CSRF doesn’t matter?? The sky is falling!

    Here's a great piece where something I wrote put a grown man with a hacker handle's boxers in a bunch. With all due respect to what Robert has contributed to our field, he is missing the point of my 8-sentence statement about cross-site request forgery (CSRF) not being a top priority (formerly published on SearchSoftwareQuality.com). It reminds me of when I wrote about Changes coming to the OWASP Top ...

  • 14 Apr 2010

    A simple yet highly-effective career booster

    One of the best things you can ever do for your career in IT or information security is to network, network, network. It's all about who knows you. Here's what it takes: Networking to enhance your IT career...

  • 13 Apr 2010

    My (other) webinar this week: Strategies for Securing your Enterprise for Success

    If you're around at 2pm ET this Thursday (tax day, woohoo!) please join me for another free webinar: Strategies for Securing your Enterprise for Success. As with all my webinars/webcasts I'll keep it short and sweet - I'll talk for ~20 minutes and we'll have a Q&A at the end. You can register here: https://credantevents.webex.com/credantevents/onstage/g.php?t=a&d=660432648 "See" you there!...

  • 13 Apr 2010

    My webinar this week: Data Protection: The Realities of Proactive vs. Reactive

    Join me tomorrow around lunchtime (or breakfast depending on where you're at) for a webinar on Data Protection: The Realities of Proactive vs. Reactive. I'm going to talk for ~20 minutes and we'll have a Q&A at the end. It's at 12pm ET and you can register here: https://www1.gotomeeting.com/register/936383032 Hope to "see" you there!...

  • 12 Apr 2010

    View every day as a blessing

    Between losing both grandmothers and helping my mom through a serious struggle she's having with cancer over the past 4 weeks, combined with this news about Brian Tracy, who has been a wonderful inspiration and mentor to me, I'm compelled to say: View every day as a blessing, for we truly don't know how much time we have here on Earth....

  • 09 Apr 2010

    My 500th blog post + how does your salary compare to others?

    I just realized that this is my 500th blog post. Hopefully you're up to 500 more posts of my security nonsense! If you haven't seen it yet you should check out Global Knowledge's 2010 Salary Survey. It sheds some light on what you can and should be earning in IT and information security. Just remember that Global Knowledge is a training company and they want to tout how well-off you'll ...
