Since I'm on the subject of talking about security scanners, here's a link to an article I wrote a couple of years ago that's still very relevant. Check it out: What to look for in a Web application security testing tool. Some of what I say in this piece supports my stance in the previous blog that you cannot automate this stuff and assume you've done your due diligence....
Continue Reading...

I've been approached a couple of times in the past few weeks regarding the "scanner" and "vulnerability management" vendors that are touting their all-in-one approach to security vulnerability assessments and compliance scans. The interest has been around PCI DSS and specifically Rapid7's solutions (apparently their marketing folks are doing a good job). There are other vendors coming into the space as well, including a big one being announced at RSA ...
Continue Reading...

OK, here's my latest information security content. For starters, here are two articles I wrote for SearchSoftwareQuality.com: Common software security risks and oversights; The role of quality assurance pros in software security ...as well as a follow-up to a previous SearchEnterpriseLinux.com article: A look at real-world exploits of Linux security vulnerabilities. I've said it before and I'll say it again, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, ...
Continue Reading...

Well, Spring Break is over (boohoo) and I'm back in full swing. My mind had a chance to clear while I was out and I thought of some new blog ideas that I'll be posting soon. Plus I have some content that was recently published that I'll be linking to. Also, I'm now writing for SearchCompliance.com (a great resource for us given how compliance is driving a lot of what ...
Continue Reading...

This just in (OK, it's really from a couple of days ago): Cybersecurity hearing highlights inadequacy of PCI DSS. But I thought compliance = security!? And anything forced down our throats at the hand of industry bodies and government goons is all we need to manage business risks!? Seriously...how long do you think we'll continue to hear about this...ay yay yay?...
Continue Reading...

I've recently covered two of my favorite, yet lesser-known, Web vulnerability scanners: Acunetix Web Vulnerability Scanner and N-Stalker Web Application Security Scanner. Two worthy products indeed. Now I'd like to shed some light on HP's WebInspect. I've been using WebInspect since before testing Web sites/apps was cool. In fact, WebInspect was one of the original commercial Web scanners. It may have even been the first. Anyway, I started a relationship with ...
Continue Reading...

I use GoToMyPC for remote access occasionally and came across a situation you may want to know about.... Before I left the office last night I made sure my Windows screen was locked. My locking screensaver kicks in after a few minutes but I just wanted to make sure. While at home I accessed my laptop a few times, logging on and off of GoToMyPC. When I returned to the office ...
Continue Reading...

This just in: from the government agency that brought us HIPAA we now have a new site to help us all deal with the troubling economy. Maybe one day the site can be expanded to include those of us who are affected - both personally and professionally - by security breaches. At least there's hope....and when there's hope, there will be "change". ;) Funny how government creates a crisis and then ...
Continue Reading...

Here's an interesting bit about something our legal system is going to have to try to get its arms around. In essence it's jurors using mobile phones to access the Internet to learn more about the trials they're currently serving on. Wow - talk about unintended consequences. I suspect that one of these days, in a few more years once Big Brother has really established himself, we'll have some really advanced ...
Continue Reading...

I saw this bit and wondered to myself: how long will we be talking about the basics of security and the ramifications when they're ignored? 10, 20 years more maybe?...
Continue Reading...