I was recently contacted by a colleague in an information security leadership position who was concerned about his developers using some third-party plug-ins for an enterprise application they were rolling out. His developers wanted to install these third-party components in order to speed up their…
Author Archives: Kevin Beaver
What happens when you can’t find every web vulnerability?
On one end of the application security and IT audit spectrum we have people that overlook the obvious and critical stuff. But just as dangerously, on the other end of the spectrum we have people who want us to find every single flaw on every…
Incident Response Plan Template – The Essential Elements
Incident response is the art (and science) of responding to computer security-related breaches. Interestingly, most organizations I deal with don’t have a documented incident response plan. The last thing you want to do during and after a security breach is figure out the best approach…
How to Set (and Keep) Your Web Security Goals for 2013
Can you believe it’s time again for those New Year’s resolutions? It’s always great to start the New Year with a fresh set of to-do items that you’re finally going to get around to doing. The problem, however, is that when we set “resolutions”, the…
Your Scanning Experience Determines Your Scanning Success
You know the saying about riding a bicycle – do it once and you’ll remember it forever? That may be true for bicycles, but it’s certainly not the case when it comes to web security testing. The tools we use and the flaws we’re attempting…
Finding Web Flaws is not Point and Click
Successful web security testing is not as simple as point and click. Unfortunately, many people treat it as such. The thought process goes something like this: 1. Load web vulnerability scanner. 2. Enter URL to scan. 3. Click Go. 4. Generate report for the auditors….
What can Developers do to Better Protect PII?
A client of mine recently asked me if I had any Web development related tips for dealing with Personally Identifiable Information (PII). With this being an information security 101 type question, I had to think about it for a bit. It then occurred to me…
Should you Test Development, Staging or Production?
You’ve heard me say that planning is half the battle with Web security assessments. I’m finding that more and more people are on board with thinking things through in advance, but there’s still one area that’s not getting the attention it deserves. It’s deciding on…
The Lost Art of Disabling Our Web Security Testing Accounts
Do you ever get the feeling that something’s not quite right after you’ve performed an otherwise solid web security assessment? Well, as many of us have discovered, that nagging feeling in the pit of your stomach could be something as simple as not disabling the…