One of the most common questions I get is “What’s your take on cloud security?” Well, my answer is relatively straightforward: never assume that all’s well just because someone says it is. In other words, trust but verify.
Author Archives: Kevin Beaver
Going Beyond Confirmed Web Security Flaws
As I wrote in my previous post about low-hanging fruit and the 2011 Verizon Data Breach Report, I’m a strong believer in finding out where your Web systems are bleeding and focusing on those issues first. It’s the basic principle of triage – finding, and…
Low-Hanging Fruit Becomes Big News with the 2011 Verizon Data Breach Report
The 2011 Verizon Data Breach Investigations Report is out. Yeah, yeah, yeah – yet another report telling us what a bad state of security we’re in and that we need to fix all sorts of things in IT. Okay, I’m not going to complain too…
But Compliance is Someone Else’s Job!
Regulatory ‘compliance’ – it’s a dirty word in business today. Perhaps that’s because we’re being force-fed more and more rules that various governing bodies believe are the best ways for us to run our businesses. Regardless of what side of the government growth – and…
Don’t Overlook the Importance of Authenticated Testing
Would you want to rely on a home inspector’s analysis of just the outside of a new home you’re considering for purchase? What about a lab tech only running a partial CT scan or the radiologist analyzing only part of your MRI when your health is…
You can’t change what you tolerate
Attending a recent meeting I heard one of the speakers say “You can’t change what you tolerate.” Apparently it’s a quote from Cesar Millan (the dog whisperer) but it really struck a chord in me regarding web application security and overall information risk management. How…
Testing for weak passwords: a common oversight without a great solution
Typically, when we think of Web security testing, vulnerabilities such as SQL injection, cross-site scripting and so on come to mind. Rightly so; the flaws resulting from poor input validation alone are still a large part of the problem. But there’s another Web security vulnerability…
I wouldn’t want to be a developer these days
Are you a software developer? If so, I don’t envy you. Of all the possible positions working in and around IT, you’ve arguably got the toughest one. I’ve witnessed it over the years while performing my own security assessments as well as hearing about it…
How often should you test your web applications?
Periodic and consistent security checks – that’s the recipe for effective Web security, right? We hear this “best practice” recommendation all the time. It’s true but what exactly does it mean? How often do you really need to test your websites and web applications? Do…