The Manager's Guide to Web Application Security: A Concise Guide to the Weaker Side of the Web

Scribed by Ron Lepofsky (auth.)


Publisher: Apress
Year: 2014
Tongue: English
Leaves: 221
Edition: 1
Category: Library

Synopsis


The Manager's Guide to Web Application Security is a concise, information-packed guide to application security risks every organization faces, written in plain language, with guidance on how to deal with those issues quickly and effectively. Often, security vulnerabilities are difficult to understand and quantify because they are the result of intricate programming deficiencies and highly technical issues. Author and noted industry expert Ron Lepofsky breaks down the technical barrier and identifies many real-world examples of security vulnerabilities commonly found by IT security auditors, translates them into business risks with identifiable consequences, and provides practical guidance about mitigating them.

The Manager's Guide to Web Application Security describes how to fix and prevent these vulnerabilities in easy-to-understand discussions of vulnerability classes and their remediation. For easy reference, the information is also presented schematically in Excel spreadsheets available to readers for free download from the publisher’s digital annex. The book is current, concise, and to the point—which is to help managers cut through the technical jargon and make the business decisions required to find, fix, and prevent serious vulnerabilities.

Table of Contents


Front Matter....Pages i-xxiv
Understanding IT Security Risks....Pages 1-11
Types of Web Application Security Testing....Pages 13-20
Web Application Vulnerabilities and the Damage They Can Cause....Pages 21-46
Web Application Vulnerabilities and Countermeasures....Pages 47-79
How to Build Preventative Countermeasures for Web Application Vulnerabilities....Pages 81-94
How to Manage Security on Applications Written by Third Parties....Pages 95-98
Integrating Compliance with Web Application Security....Pages 99-110
How to Create a Business Case for Web Application Security....Pages 111-130
Parting Thoughts....Pages 131-132
COBIT® 5 for Information Security....Pages 133-145
Experian EI3PA Security Assessment....Pages 147-159
ISO/IEC 17799:2005 and the ISO/IEC 27000:2014 Series....Pages 161-163
North American Energy Council Security Standard for Critical Infrastructure Protection (NERC CIP)....Pages 165-176
NIST 800 Guidelines....Pages 177-178
Payment Card Industry (PCI) Data Security Standard Template for Report on Compliance for use with PCI DSS v3.0....Pages 179-196
Sarbanes-Oxley Security Compliance Requirements....Pages 197-198
Sources of Information....Pages 199-200
Back Matter....Pages 201-204

Subjects


Data Encryption


SIMILAR VOLUMES


The Manager's Guide to Web Application S
Ron Lepofsky | Library | 2014 | Apress | English

The Manager's Guide to Web Application Security is a concise, information-packed guide to application security risks every organization faces, written in plain language, with guidance on how to deal with those issues quickly and effectively. Often, security vulnerabilities are difficult to understan

The tangled Web: a guide to securing mod
Michal Zalewski | Library | 2011 | No Starch Press | English

"Thorough and comprehensive coverage from one of the foremost experts in browser security." --Tavis Ormandy, Google Inc. Modern web applications are built on a tangle of technologies that have been developed over time and then haphazardly pieced together. Every piece of the web application stack,

The Tangled Web: A Guide to Securing Mod
Michal Zalewski | Library | 2011 | No Starch Press | English

"Thorough and comprehensive coverage from one of the foremost experts in browser security." --Tavis Ormandy, Google Inc. Modern web applications are built on a tangle of technologies that have been developed over time and then haphazardly pieced together. Every piece of the web appl

The tangled Web: a guide to securing mod
Zalewski, Michal | Library | 2012 | No Starch Press | English

"'Thorough and comprehensive coverage from one of the foremost experts in browser security.' --Tavis Ormandy, Google Inc. Modern web applications are built on a tangle of technologies that have been developed over time and then haphazardly pieced together. Every piece of the web application stack, f