  • 20 Mar 2009

    Another Web security scanner to check out

    OK, I covered Acunetix Web Vulnerability Scanner in a previous post and now it's time to share a bit about another Web vulnerability scanner called N-Stalker Web Application Security Scanner 2009. I've used N-Stalker for a while, dating back to when it was a free product nearly 10 years ago. Compared to the competition, I must admit that I haven't been really impressed with the tool until now. Thiago ...

  • 20 Mar 2009

    My latest security content

    I've got some new information security content you may be interested in.

    First off, here's an article I wrote for SearchWinIT.com:
    Will a degree or certification help enhance your IT career?

    ...and one I wrote for SearchEnterpriseDesktop.com:
    Why should Windows shops use Microsoft Baseline Security Analyzer?

    ...and finally a webcast I just recorded for SearchSoftwareQuality.com:
    Essential Elements of Web Application Penetration Testing

    As always, check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts ...

  • 20 Mar 2009

    How about enacting a policy to punish someone?

    Imagine if someone at work ticked you off and you had the ability to enact a new IT/security policy that only affected that person. Something like no more Internet access, or pay-per-use fees for laptops, or, say, complete oversight and scrutiny of the person's every action when they're using the computer. Sounds absurd, doesn't it? ... Well, it is, and so is this ridiculous new law our House passed yesterday that will tax ...

  • 16 Mar 2009

    Is not patching being negligent?

    Well, Microsoft's Roger Halbheer thinks so - at least related to the Conficker worm as discussed here. By and large I agree. Everything in business and everything in life depends on us making choices. We choose the behavior - in this case not applying a highly-critical patch - we choose the consequences... especially if it's an oversight because someone in IT was goofing off. With all the talk about the importance of patching ...

  • 11 Mar 2009

    My deep thought of the year

    Relating to how people are set in their ways: Security problems change... people don't. Therein lies the problem. -- Yours truly ...

  • 11 Mar 2009

    Linux admin = ego trip?

    I recently started writing for SearchEnterpriseLinux.com... My first bit was on a topic that no one seems to want to talk about: Linux security. Entitled Five common Linux security vulnerabilities you may be overlooking, the article currently has the lowest rating I've received on any article I've ever written for TechTarget dating back to 2002... Woohoo! You definitely can't win them all. Sure, the article's light - it was intended to be an ...

  • 10 Mar 2009

    My latest security content

    I have some new information security content that you may be interested in.

    First, here's an article I wrote for SearchSQLServer.com:
    The fine line between not encrypting your databases and breach notification

    ...and two articles I wrote for SearchSoftwareQuality.com:
    Using the Firefox Web Developer extension to find security flaws
    Cloud computing and application security: Issues and risks

    Enjoy! Also, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts and ...

  • 10 Mar 2009

    Using AirMagnet WiFi Analyzer for security assessments

    While I'm on a roll testing out the latest security tools (can you tell I'm finally getting caught up on things?!) I wanted to write the follow-up to this previous post I promised regarding AirMagnet's wireless network analyzer (now dubbed WiFi Analyzer). I've been using WiFi Analyzer for years... it now supports 802.11n for those of you on the "bleeding edge" and it even has some automated security checks for "n". As ...

  • 10 Mar 2009

    Gem of a Web application security book

    It's three years old, but Andres Andreu has put together a gem of a book on Web security testing: It covers Web apps, some commercial scanners, and practically every open source tool available for Web security testing. It also has some of the best coverage I've seen on testing Web services. Andres must've had a lot of time on his hands when he wrote it... I know firsthand how much effort it takes ...

  • 09 Mar 2009

    Great quote related to policies & compliance

    Thomas Brackett Reed said, "One of the greatest delusions in the world is the hope that the evils in this world are to be cured by legislation." I see this belief in action over and over again with regard to security policies and all these regulations we're up against. Just because you have policies, and just because someone in your organization thinks that the business is "compliant" with whatever law or ...
