Web application vulnerabilities are a common point of intrusion for cyber criminals. As cyber security threats proliferate and attacks escalate, and as applications play an increasingly critical role in business, organisations urgently need to focus on web application security to protect their customers, their interests and their assets.
Application Security in the ISO 27001:2013 Environment explains how organisations can implement and maintain effective security practices to protect their web applications – and the servers on which they reside – as part of a wider information security management system by following the guidance set out in the international standard for information security management, ISO 27001.
The book describes the methods used by criminal hackers to attack organisations via their web applications and provides a detailed explanation of how you can combat such attacks by employing the guidance and controls set out in ISO 27001.
As a comprehensive guide to web application security, from development to deployment, as part of a wider ISO 27001 information security management system, it provides:
- an introduction to ISO 27001 and information security management systems, including implementation guidance
- a full discussion of the ISO 27001 controls that apply to web applications and how they address common types of attack
- a discussion of the latest cryptography best practices, updated to reflect ISO 27001:2013
- an examination of the common types of web app security attack, including injection attacks, cross-site scripting, and attacks on authentication and session management, explaining how each can compromise ISO 27001 control objectives and showing how to test for each attack type.
Take the first steps to secure your web applications today.
1: Introduction to the International Information Security Standards ISO27001 and ISO27002
2: The ISO27001 Implementation Project
3: Risk Assessment
4: Introduction to Application Security Threats
5: Application Security and ISO27001
6: Attacks on Applications
7: Secure Development Lifecycle
8: Threat Profiling and Security Testing
9: Secure Coding Guidelines