Application Security in the ISO 27001:2013 Environment, 2nd Edition

  • 2h 27m
  • Vinod Vasudevan, et al.
  • IT Governance
  • 2015

Web application security as part of an ISO27001-compliant information security management system

As cyber security threats proliferate and attacks escalate, and as applications play an increasingly critical role in business, organisations urgently need to focus on web application security to protect their customers, their interests and their assets. SMEs in particular should be very concerned about web application security: many use common, off-the-shelf applications and plugins - such as Internet Explorer, Java, Silverlight, and Adobe Reader and Flash Player - which often contain exploitable vulnerabilities. Application Security in the ISO27001 Environment explains how organisations can implement and maintain effective security practices to protect their web applications - and the servers on which they reside - as part of a wider information security management system by following the guidance set out in the international standard for information security management, ISO27001. The book describes the methods used by criminal hackers to attack organisations via their web applications and provides a detailed explanation of how you can combat such attacks by employing the guidance and controls set out in ISO27001. This second edition is updated to reflect ISO27001:2013 as well as best practices relating to cryptography, including the PCI SSC's denigration of SSL in favour of TLS. Application Security in the ISO27001 Environment is written by Vinod Vasudevan, Anoop Mangla, Firosh Ummer, Sachin Shetty, Sangita Pakala and Siddharth Anbalahan. Together, the authors offer a wealth of expertise in ISO27001 information security, risk management and software application development.

In this Book

  • Application Security in the ISO 27001 2013 Environment, Second edition
  • Preface
  • Introduction to the International Information Security Standards ISO27001 and ISO27002
  • The ISO27001 Implementation Project
  • Risk Assessment
  • Introduction to Application Security Theats
  • Application Security and ISO27001
  • Attacks on Applications
  • Secure Development Lifecycle
  • Threat Profiling and Security Testing
  • Secure Coding Guidelines
  • ITG Resources
SHOW MORE
FREE ACCESS

YOU MIGHT ALSO LIKE

Rating 4.6 of 344 users Rating 4.6 of 344 users (344)
Rating 4.5 of 44 users Rating 4.5 of 44 users (44)