Application security in the ISO27001:2013 Environment

Application security in the ISO27001:2013 Environment
Author :
Publisher : IT Governance Ltd
Total Pages : 254
Release :
ISBN-10 : 9781849287685
ISBN-13 : 1849287686
Rating : 4/5 (85 Downloads)

Book Synopsis Application security in the ISO27001:2013 Environment by : Vinod Vasudevan

Download or read book Application security in the ISO27001:2013 Environment written by Vinod Vasudevan and published by IT Governance Ltd. This book was released on 2015-10-15 with total page 254 pages. Available in PDF, EPUB and Kindle. Book excerpt: Application Security in the ISO 27001:2013 Environment explains how organisations can implement and maintain effective security practices to protect their web applications – and the servers on which they reside – as part of a wider information security management system by following the guidance set out in the international standard for information security management, ISO 27001. The book describes the methods used by criminal hackers to attack organisations via their web applications and provides a detailed explanation of how you can combat such attacks by employing the guidance and controls set out in ISO 27001. Product overviewSecond edition, updated to reflect ISO 27001:2013 as well as best practices relating to cryptography, including the PCI SSC’s denigration of SSL in favour of TLS.Provides a full introduction to ISO 27001 and information security management systems, including implementation guidance.Describes risk assessment, management and treatment approaches.Examines common types of web app security attack, including injection attacks, cross-site scripting, and attacks on authentication and session management, explaining how each can compromise ISO 27001 control objectives and showing how to test for each attack type.Discusses the ISO 27001 controls relevant to application security.Lists useful web app security metrics and their relevance to ISO 27001 controls.Provides a four-step approach to threat profiling, and describes application security review and testing approaches.Sets out guidelines and the ISO 27001 controls relevant to them, covering:input validationauthenticationauthorisationsensitive data handling and the use of TLS rather than SSLsession managementerror handling and loggingDescribes the importance of security as part of the web app development process


Application security in the ISO27001:2013 Environment Related Books

Application security in the ISO27001:2013 Environment
Language: en
Pages: 254
Authors: Vinod Vasudevan
Categories: Computers
Type: BOOK - Published: 2015-10-15 - Publisher: IT Governance Ltd

DOWNLOAD EBOOK

Application Security in the ISO 27001:2013 Environment explains how organisations can implement and maintain effective security practices to protect their web a
Information Security Risk Management for ISO 27001/ISO 27002, third edition
Language: en
Pages: 181
Authors: Alan Calder
Categories: Computers
Type: BOOK - Published: 2019-08-29 - Publisher: IT Governance Ltd

DOWNLOAD EBOOK

Ideal for risk managers, information security managers, lead implementers, compliance managers and consultants, as well as providing useful background material
Core Software Security
Language: en
Pages: 387
Authors: James Ransome
Categories: Computers
Type: BOOK - Published: 2018-10-03 - Publisher: CRC Press

DOWNLOAD EBOOK

"... an engaging book that will empower readers in both large and small software development and engineering organizations to build security into their products
Implementing an Information Security Management System
Language: en
Pages: 284
Authors: Abhishek Chopra
Categories: Computers
Type: BOOK - Published: 2019-12-09 - Publisher: Apress

DOWNLOAD EBOOK

Discover the simple steps to implementing information security standards using ISO 27001, the most popular information security standard across the world. You�
Security, Privacy, and Digital Forensics in the Cloud
Language: en
Pages: 367
Authors: Lei Chen
Categories: Computers
Type: BOOK - Published: 2019-04-29 - Publisher: John Wiley & Sons

DOWNLOAD EBOOK

In a unique and systematic way, this book discusses the security and privacy aspects of the cloud, and the relevant cloud forensics. Cloud computing is an emerg