{"product_id":"9781849287692","title":"Application security in the ISO27001:2013 Environment","description":"\u003cp\u003e\u003cem\u003eApplication Security in the ISO 27001:2013 Environment\u003c\/em\u003e explains how organisations can implement and maintain effective security practices to protect their web applications – and the servers on which they reside – as part of a wider information security management system by following the guidance set out in the international standard for information security management, ISO 27001.\u003c\/p\u003e  \u003cp\u003eThe book describes the methods used by criminal hackers to attack organisations via their web applications and provides a detailed explanation of how you can combat such attacks by employing the guidance and controls set out in ISO 27001.\u003c\/p\u003e  \u003cp\u003e \u003c\/p\u003e  Product overview \u003cul\u003e \u003cli\u003eSecond edition, updated to reflect ISO 27001:2013 as well as best practices relating to cryptography, including the PCI SSC’s denigration of SSL in favour of TLS.\u003c\/li\u003e \u003cli\u003eProvides a full introduction to ISO 27001 and information security management systems, including implementation guidance.\u003c\/li\u003e \u003cli\u003eDescribes risk assessment, management and treatment approaches.\u003c\/li\u003e \u003cli\u003eExamines common types of web app security attack, including injection attacks, cross-site scripting, and attacks on authentication and session management, explaining how each can compromise ISO 27001 control objectives and showing how to test for each attack type.\u003c\/li\u003e \u003cli\u003eDiscusses the ISO 27001 controls relevant to application security.\u003c\/li\u003e \u003cli\u003eLists useful web app security metrics and their relevance to ISO 27001 controls.\u003c\/li\u003e \u003cli\u003eProvides a four-step approach to threat profiling, and describes application security review and testing approaches.\u003c\/li\u003e \u003cli\u003eSets out guidelines and the ISO 27001 controls relevant to them, covering: \u003cul\u003e \u003cli\u003einput validation\u003c\/li\u003e \u003cli\u003eauthentication\u003c\/li\u003e \u003cli\u003eauthorisation\u003c\/li\u003e \u003cli\u003esensitive data handling and the use of TLS rather than SSL\u003c\/li\u003e \u003cli\u003esession management\u003c\/li\u003e \u003cli\u003eerror handling and logging\u003c\/li\u003e \u003c\/ul\u003e \u003c\/li\u003e \u003cli\u003eDescribes the importance of security as part of the web app development process\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003e \u003c\/p\u003e","brand":"IT Governance Publishing","offers":[{"title":"Default Title","offer_id":47166891917552,"sku":"9781849287692","price":37.99,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0737\/7593\/9824\/files\/9781849287692_p0.jpg?v=1763752838","url":"https:\/\/shop-qa.barnesandnoble.com\/products\/9781849287692","provider":"Barnes \u0026 Noble (DEV)","version":"1.0","type":"link"}