Application Security in the ISO 27001:2013 Environment, 2nd Edition

2h 27m
Vinod Vasudevan, et al.
IT Governance
2015

Web application security as part of an ISO27001-compliant information security management system

As cyber security threats proliferate and attacks escalate, and as applications play an increasingly critical role in business, organisations urgently need to focus on web application security to protect their customers, their interests and their assets. SMEs in particular should be very concerned about web application security: many use common, off-the-shelf applications and plugins - such as Internet Explorer, Java, Silverlight, and Adobe Reader and Flash Player - which often contain exploitable vulnerabilities. Application Security in the ISO27001 Environment explains how organisations can implement and maintain effective security practices to protect their web applications - and the servers on which they reside - as part of a wider information security management system by following the guidance set out in the international standard for information security management, ISO27001. The book describes the methods used by criminal hackers to attack organisations via their web applications and provides a detailed explanation of how you can combat such attacks by employing the guidance and controls set out in ISO27001. This second edition is updated to reflect ISO27001:2013 as well as best practices relating to cryptography, including the PCI SSC's denigration of SSL in favour of TLS. Application Security in the ISO27001 Environment is written by Vinod Vasudevan, Anoop Mangla, Firosh Ummer, Sachin Shetty, Sangita Pakala and Siddharth Anbalahan. Together, the authors offer a wealth of expertise in ISO27001 information security, risk management and software application development.

In this Book

Application Security in the ISO 27001 2013 Environment, Second edition
Preface
Introduction to the International Information Security Standards ISO27001 and ISO27002
The ISO27001 Implementation Project
Risk Assessment
Introduction to Application Security Theats
Application Security and ISO27001
Attacks on Applications
Secure Development Lifecycle
Threat Profiling and Security Testing
Secure Coding Guidelines
ITG Resources

FREE ACCESS

Course OWASP Top 10: A03:2021-Injection

(344)

Course Microsoft Security: Microsoft 365 Security & Security Management

(44)

Course Certified in Cybersecurity (CC): Business Continuity Planning

(38)

Get Started

Sharpen your skills. Upgrade your career. Find the right learning path for you, based on your role and skills. Take part in hands-on practice, study for a certification, and much more - all personalized for you.

*Not included: Compliance, Leadership Development Program content, and Engineering books

Your content + our content + our platform = a path to learning success

Using our learning experience platform, Percipio, your learners can engage in custom learning paths that can feature curated content from all sources.

Learn More

Aspire to something bigger

Aspire Journeys are guided learning paths that set you in motion for career success.

Browse Aspire Journeys

Explore a world of live learning with Global Knowledge

Choose from convenient delivery formats to get the training you and your team need - where, when and how you want it.

Browse Live Learning

IT Skills & Salary Report

ESG Impact Report

Application Security in the ISO 27001:2013 Environment, 2nd Edition

In this Book

YOU MIGHT ALSO LIKE