The Manager’s Guide to Web Application Security

  • Length: 232 pages
  • Edition: 2014
  • Publication Date: 2014-12-19
  • ISBN-10: 1484201493
  • ISBN-13: 9781484201497
Description

The Manager’s Guide to Web Application Security: A Concise Guide to the Weaker Side of the Web

The Manager’s Guide to Web Application Security is a concise, information-packed guide to application security risks every organization faces, written in plain language, with guidance on how to deal with those issues quickly and effectively. Often, security vulnerabilities are difficult to understand and quantify because they are the result of intricate programming deficiencies and highly technical issues. Author and noted industry expert Ron Lepofsky breaks down the technical barrier and identifies many real-world examples of security vulnerabilities commonly found by IT security auditors, translates them into business risks with identifiable consequences, and provides practical guidance about mitigating them.

The Manager’s Guide to Web Application Security describes how to fix and prevent these vulnerabilities in easy-to-understand discussions of vulnerability classes and their remediation. For easy reference, the information is also presented schematically in Excel spreadsheets available to readers for free download from the publisher’s digital annex. The book is current, concise, and to the point, with the aim of helping managers cut through the technical jargon and make the business decisions required to find, fix, and prevent serious vulnerabilities.

What you’ll learn

  • Executives: Quickly comprehend what the application security team is saying in terms of risk and remediation
  • Security experts: Understand how to express threats in terms of business risk to executives
  • Details about currently relevant vulnerabilities, by vulnerability class and risk level
  • Decision criteria for what type of security audit is required for your environment
  • Downloadable information tables, examples, and reusable forms
  • Information about standards compliance, including appendices that detail relevant standards, such as COBIT5 IT Security, Experian EI3PA Security Audit Standard, and PCI DSS

Who this book is for

The Manager’s Guide to Web Application Security is written for senior executives who have to make business decisions about managing the risk of web applications.

Table of Contents

Chapter 1: Understanding IT Security Risks
Chapter 2: Types of Web Application Security Testing
Chapter 3: Web Application Vulnerabilities and the Damage They Can Cause
Chapter 4: Web Application Vulnerabilities and Countermeasures
Chapter 5: How to Build Preventative Countermeasures for Web Application Vulnerabilities
Chapter 6: How to Manage Security on Applications Written by Third Parties
Chapter 7: Integrating Compliance with Web Application Security
Chapter 8: How to Create a Business Case for Web Application Security
Chapter 9: Parting Thoughts

Appendix A: COBIT® 5 for Information Security
Appendix B: Experian EI3PA Security Assessment
Appendix C: ISO/IEC 17799:2005 and the ISO/IEC 27000:2014 Series
Appendix D: North American Energy Council Security Standard for Critical Infrastructure Protection (NERC CIP)
Appendix E: NIST 800 Guidelines
Appendix F: Payment Card Industry (PCI) Data Security Standard Template for Report on Compliance for use with PCI DSS v3.0
Appendix G: Sarbanes-Oxley Security Compliance Requirements
Appendix H: Sources of Information
