I’ve been busy in the world of Web security testing – both with work and with writing. Check out these new pieces on the subject. I suspect I’ll tick off a “researcher” or two given my business angle and 80/20 Rule-approach of focusing on the most problematic areas of Web security…Still, I hope that these are beneficial to you and what you’re trying to accomplish in your organization:
Key Web application security metrics
Taking politics out of the Web security equation
Getting back to basics with Web security
Core causes of Web security risks and what you can do about them
Security Considerations When Using AWS Cloud Services
The Big Security Oversight When Using Amazon Web Services
By the way, with the continued banter/debate around vulnerability assessments v. audits. v. pen tests, here’s my two cents on the subject:
Is it a pen test, an audit, or a vulnerability assessment?
Don’t forget to check out all of my other information security content at www.principlelogic.com/resources
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”