Information Security Expert Kevin Beaver

You may need to do a quick third-party registration to access certain ones. Resources without a hyperlink are no longer published/posted.

• The developer’s role in application security strategy
• Finding and fixing security flaws in third-party software that you don’t have control over
• Setting and achieving your application security goals
• Why most application security measures fail and what must be done about it
• Miscommunication is at the heart of appsec challenges
• DAST Is an Essential Part of a Well-Rounded Application Security Program
• Why companies should make ERP security a top priority
• How to create a more effective application security program
• Web security: Getting your messages across to management
• Who should be responsible for web security?
• Ensuring the right people are on board with web application security
• ERP security issues with working remotely during COVID-19 outbreak
• Ensuring the right people are on board with web application security
• Common website vulnerabilities you must defend against
• Who should be responsible for web security?
• Web security: Getting your message across to management
• How security controls affect web security assessment results
• The importance of integrating mobile apps into your security program
• How automated web vulnerability scanners introduce risks
• Addressing web server security vulnerabilities below the application layer
• Don’t sweep web application testing under the rug
• You may not be in control but you’re still responsible
• Incorporating static source code analysis into security testing
• Great ways to get management on your side with application security (formerly published at checkmarx.com)
• Identifying and addressing overlooked web security vulnerabilities
• What the end of hot patching mobile apps means for enterprise security
• Headed for a wreck? Why you need to be paying attention to data security for connected cars
• Take responsibility for vendor product security
• Android VPN apps: How to address privacy and security issues
• Keeping your Web applications in check with HIPAA compliance
• Protecting Web applications with network controls – Is it effective?
• Dealing with vendors who want to push their SOC audit reports on you
• Nixing credential re-use across unrelated systems
• What are the most important security testing basics?
• Explaining discrepancies in different security assessment reports
• Why DAST and SAST are necessary if software is solid from the get-go
• Why Security Assessments are Often not a True Reflection of Reality
• Keeping your Web applications in check with HIPAA compliance
• Mobile app security risks could cost you millions
• Common oversights in mobile app security
• How to stay ahead of the curve in application security
• Protecting Web applications with network controls – Is it effective?
• Secure coding job interview questions
• Ignore these common mobile app security risks at your own peril
• Using Modern.ie to test Web browser compatibility with applications
• Why ALL of your apps need security testing
• 4 insider tips for choosing application security testing tools
• How to perform a (next-generation) network security audit
• Don’t overlook details when scoping your Web application security assessments
• How to take a measured approach to automated penetration testing
• Five steps for improving an authenticated vulnerability scan
• Next-generation tools for next-generation network security
• Look for these security flaws in your messaging environment
• How do you know when a security vulnerability matters to your business?
• Making Web security part of your IT governance program
• Five Web security issues present in your business today
• Ways to keep your developers interested in Web security
• Balancing Web security with your compliance requirements
• Key Web application security metrics
• Taking politics out of the Web security equation
• Getting back to basics with Web security
• Core causes of Web security risks and what you can do about them
• Security Considerations When Using AWS Cloud Services
• The Big Security Oversight When Using Amazon Web Services
• The Role Of An Automated Web Vulnerability Scanner In A Holistic Web Security Audit
• How Your Web Presence is Throwing You Out Of Compliance
• The disconnect between IT audit and software developers
• Top 10 Insider Threats and How to Protect Yourself
• Top 5 Information Security Trends
• Top 5 network security vulnerabilities that are often overlooked
• Why you need to pay attention to the slow HTTP attack
• Lessons learned from a web security breach
• Application security calls for a proactive approach
• Understanding the value of the OWASP Top 10 2013
• The Role Of An Automated Web Vulnerability Scanner In A Holistic Web Security Audit
• Are Obamacare’s health insurance exchanges secured? Likely not.
• Can software quality pros shore up network security threats?
• How do software quality pros navigate cloud computing security issues?
• What are the hidden mobile app security threats to look out for?
• Your Scanning Experience Determines Your Scanning Success
• What can Developers do to Better Protect PII?
• Finding Web Flaws is not Point and Click
• Responding to DoS attacks at the web layer
• Should you Test Development, Staging or Production?
• Mobile app software: Avoid the perpetual cycle of insecurity
• Hybrid security: Beyond pen testing and static analysis
• Don’t Let Problems Stop You From Carrying Out Web Application Testing
• Mac Malware Underscores Why You Can’t Ignore Web Security Threats
• Do You Scan with Network Security Controls Enabled or Disabled?
• Take Care in Handling the Results of Your Web Application Testing
• The Value of Web Exploitation
• Web Application Firewalls and the False Sense of Security They can Create
• Not All Web Vulnerabilities Are What They Appear to Be
• The One Web Security Testing Oversight You Don’t Want to Miss
• IT Geek Speak and What Management Really Needs to Hear
• There’s more to web security than meets the eye
• To validate or not, is that the question?
• Protecting FTP services running on your Web server
• The critical Web-based systems that are going untested and unsecured
• Good Web Security Tools and Why They Matter
• Why you need intruder lockout
• Building and deploying secure video and access control systems (hacking tips and tricks for video and access control systems)
• How can you avoid a Web security breach? It’s all in the preparation.
• SharePoint security should not be an afterthought
• Explaining the why of Web application security
• Improving Web security by working with what you’ve got
• Not all Web vulnerability scans are created equal
• Why people violate security policies
• Getting users on your side to improve Web security
• Time to market is no longer the excuse
• SQL Injection – The Web Flaw That Keeps on Giving
• Properly scoping your Web security assessments
• The cure for many Web application security ills
• How much Web security is enough?
• Dark Cloud Looming?
• What’s your take on cloud security?
• Firewall change management and automation can curb human error
• Do Web application firewalls complicate enterprise security strategy?
• I wouldn’t want to be a developer these days
• Don’t overlook the importance of authenticated testing
• You Can’t change what you tolerate
• Testing for weak passwords: a common oversight without a great solution
• How often should you test your web applications?
• Notable changes in the PCI DSS 2.0 affecting Web application security
• Building solid security requirements
• Security oversights in the cloud: Asking the tough questions
• Why current application security measures fail
• Why do so many people buy into “checklist” audits?
• Ways to avoid email floods when running Web vulnerability scans
• Web server weaknesses you don’t want to overlook
• SQL injection tools for automated testing
• Beefing up SSL to ensure your applications are locked down
• Common security flaws to check for on your Linux-based Web systems
• Getting developers on board with security – once and for all
• Application security checklist: Finding, eliminating SQL injection flaws
• Finding cross-site scripting (XSS) application flaws checklist
• Web security oversights: Don’t overlook the “small” stuff
• Domino security vulnerabilities to watch for
• Getting started with hardening Domino
• The new OWASP Top 10 for 2010 – Risk and Realities
• Why use POST vs. GET to keep applications secure
• Security best practices for today’s Web 2.0 applications
• Authenticated XSS – problem or not?
• Looking past Layer 7
• The Top Web Vulnerability We Face
• Find unexpected vulnerabilities to ensure cloud compliance
• Changes coming to the OWASP Top 10 in 2010
• Free Web proxy tools you need to get to know
• Securing Web servers in Windows environments
• Finding cross-site scripting (XSS) application flaws checklist
• Testing rich Internet applications: 2009’s best free tools
• How often should I change the passwords for my bank and other important online accounts (a Women’s Health magazine piece I contributed to)
• Web 2.0 application security troubleshooting, testing tutorial
• Essentials of static source code analysis for Web applications
• Web security problems: Five ways to stop login weaknesses
• Fixing four Web 2.0 input validation security mistakes
• Spotting rich Internet application security flaws with WebGoat
• Testing rich Internet applications for security holes
• Is all the PCI DSS compliance whining and complaining justified?
• Scoping your Web app security assessments for success
• Common software security risks and oversights
• The role of quality assurance pros in software security
• Using the Firefox Web Developer extension to find security flaws
• Cloud computing and application security: Issues and risks
• Web application security gaps not fixed in 2008
• Five predictions for Web security trends and changes for 2009
• Ten Ways to Protect Your Web servers
• Web Services: An overlooked entry point for attack
• Cross – site Scripting 102 – How it actually works
• AJAX Security – Is anyone listening?
• The realities of using WAFs for PCI DSS 6.6 compliance
• The realities of PCI DSS 6.6 application code reviews
• Free tools that can improve IIS security
• Writing software requirements that address security issues
• Getting started with web application misuse cases
• The Essentials of Web Application Threat Modeling
• Web application hacking: Inside the mind of an attacker
• Cross-site scripting 101 – The essentials
• Cracking passwords the Web application way
• The Fallacy of SSL
• How to get developers to buy into software security
• Eight reasons to do source code analysis on your web application
• What to do after penetration testing : source code analysis
• What to expect of a third party Web application security tester
• What to look for in a Web application security testing tool
• Free web application security testing tools you need to get to know
• Software security tools to improve your skills in a single day
• Web application vulnerabilities you don’t want to overlook
• Interpreting the Results of a Vulnerability Assessment: How to Focus on What’s Important in Your Web Application Security Testing
• Web application security testing checklist
• Step-by-Step Guide : Securing Web Servers

• Five Considerations for the Other SaaS – Security as a Service
• Ensuring PCI DSS Compliance in the Cloud
• Common security-related oversights, assumptions, and blunders in software testing Security comprises a significant portion of the overall quality of software yet we continue to see software flaws that create unnecessary business risks and lead to application-level data breaches. In this webast, I explore the causes of gaps in the software testing process and offers suggestions on how to fix them.
• Focusing on what’s important with your Web application security scanning and testing Web application security affects every business in some capacity. Regardless of the industry, there are certain Web security weaknesses you can’t afford to overlook and steps you must take to find them. In this webcast, I share what you need to know in order to find Web security vulnerabilities in your environment.
• Essential Elements of Web Application Penetration Testing In this webcast I show you how to maximize the value of your penetration testing efforts and the security of your Web applications. Just the essentials of what you need to know.

• Web scanning security testing
  What should be the first step in Web application security testing? What is the difference between penetration testing, ethical hacking, vulnerabililty scanning and source code analysis? I answer these questions and others in this podcast in which I explain how your organization can focus what’s important in security testing.
• Podcast: Security testing blunders In this podcast, I talk about the importance of security testing and how to get management buy – in. I describe the most common application security flaws and outline why the biggest oversight when in security testing in inaction. Tune in as I describe a game plan that will help you move your security testing efforts forward.
• Hacker-Proof Your Applications