Finally, I've found an affordable and effective static source code analysis tool! It's called CxDeveloper - a product of Israel-based Checkmarx that's distributed/supported by U.S.-based Security Innovation. Whew... it's a little confusing but what can you do. I've used CxDeveloper for over a year now and, like most products, it's not perfect. It crashes unexpectedly every now and then, it generates false positives, its licensing process is kludgy and old-fashioned, and its reporting capabilities ...
Here's my latest information security content you may be interested in:
Testing rich Internet applications for security holes
The pros and cons of host-based vs. appliance-based tape encryption
As always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts and more....
Here's my latest information security content you may be interested in:
Gathering and documenting your Windows desktop security policies
Security essentials for Active Directory on Linux
Windows server hardening: How much is enough?
Top Windows server hardening standards and guidelines
Common Active Directory security oversights
Desktop security preparation for a new wave of Windows apps
Windows desktop security standards documentation best practices
As always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, ...
I'm so glad other people are experiencing anti-malware bloat as well. It seems like I'm having to disable real-time anti-virus, etc. protection quite often to get certain things done. I'm sure Microsoft's forthcoming MSE will fix this. [not holding my breath...]...
Yet another one for the hall of shame list. You know how I am about it; I'm sure this hard drive was encrypted. ;-)...
OK, I've been busy and my articles have been stacking up. Here's the first set that was recently published. More to come later this week.
Dumb things IT consultants do
Why it may not be ideal for your lawyer to be your compliance officer
Keys to finding your IT consulting niche
Is all the PCI DSS compliance whining and complaining justified?
Scoping your Web app security assessments for success
Enjoy!
As always, be sure to check out ...
In this piece Tony Bradley provides some great insight into how Windows BitLocker "drive" encryption works in Vista and Windows 7. Actually, BitLocker is not drive - or whole-disk - encryption after all... As Tony states, it's more like whole-volume encryption. Keep this in mind when securing your laptop and mobile drives. This could create a pretty serious false sense of security that everything's locked down when indeed it's not. Same as the ...
You've heard me rant about common management and developer views of Web security here and in the articles I write for TechTarget. Here's some third-party validation of my thoughts. Entertaining yet sad....
Here's some insight into what children are doing online these days. Great example of the lack of parenting, discipline, personal responsibility, and ability to think long-term we have going in our society. On a side note, perhaps the "Psychologists have long known that when an attacker does not see their victim, the normal inhibitions that prevent us from doing wrong become much weaker" bit explains why we see so much road ...
With all the worry about budgets and all the marketing hype over some of these fancy vendor security solutions, I still see so many simple/silly/stupid things related to IT that need to be fixed before a penny is ever spent or a single new technology is ever deployed. Things like:
-- Network shares sharing out entire drives full of sensitive files - accessible by anyone with just a basic network login ...