Web security is complicated enough. Adding a healthy dose of politics, like what exists in most organizations, often proves to be more than IT professionals can handle. Most problems in life are either financial, health, or people-related. It’s the people part of the equation in…
Author Archives: Kevin Beaver
Core Causes of Web Security Risks and What You Can Do About Them
Samuel Johnson, an 18th-century lexicographer, once said, “The chains of habit are too weak to be felt until they are too strong to be broken.” That’s precisely what we’re seeing with web security today. We get caught up in our day-to-day work and the…
What You Don’t Know About Web Security CAN Hurt You
How secure is your web environment? You know, your business’ marketing website, your customer-facing web applications, your internal financials application, the various cloud services that process and store business assets, and so on. Many business executives don’t have the slightest idea about the security of…
Key Web Application Security Metrics
How’s your web application security program measuring up today? If you’re like many people, you’re simply going through the motions of periodic vulnerability scans and problem resolution. It’s a vicious cycle that may or may not be delivering the results you’re looking for. Given all…
Ways to Keep your Developers Interested in Web Security
Working in IT over the past couple of decades I’ve witnessed the good, the bad, and the downright ridiculous when it comes to the way software developers are treated by management. Seeing what I’ve seen, and having been in those shoes, I’m convinced that the…
The Importance of Internal Web Security Assessments
What do things look like on the outside? That’s the main focus we have as human beings. But beauty is only skin deep. As with relationships and leaked NSA documents, we quickly discover that what’s on the inside is just as, if not more, important….
Why You Need To Pay Attention To The Slow HTTP Attack
Okay, I admit, I haven’t been stressing enough to people just how critical the Slow HTTP vulnerability really is. The Slow HTTP flaw is present on practically every Apache-based system I test and can facilitate denial of service (DoS) conditions rendering even the most resilient…
The Role Of An Automated Web Vulnerability Scanner In A Holistic Web Security Audit
Easily two-thirds of the value of any given web vulnerabilities assessment comes from the use of automated web vulnerability scanners. At least that’s been my experience. I certainly don’t have the knowledge – or the time – to manually track down every single flaw on…
Why Management Still Doesn’t Get Web Security
Having worked in IT for nearly two and a half decades, I’ve certainly seen my share of blame and abuse thrown the way of IT. Whether the network is down or the application is unavailable, people immediately assume that whatever IT did broke it, even…