LEADER 00000uam a2200373 a 4500 
003    CaSebORM 
005    20200110001353.5 
006    m     o  d         
007    cr cn          
008    091115s2015    xx      o           eng   
020    |z9781849287692 
024 8  9781849287692 
035    (CaSebORM)9781849287692 
041 0  eng 
100 1  Vasudevan, Vinod,|eauthor. 
245 10 Application Security in the ISO 27001:2013 Environment
       |h[O'Reilly electronic resource] /|cVasudevan, Vinod. 
250    2nd edition 
264  1 |bIT Governance Publishing,|c2015. 
300    1 online resource (254 pages) 
336    text|btxt|2rdacontent 
337    computer|bc|2rdamedia 
338    online resource|bcr|2rdacarrier 
347    text file 
365    |b45.95 
520    Web application security as part of an ISO 27001-compliant
       information security management system  Web application 
       vulnerabilities are a common point of intrusion for cyber 
       criminals. As cybersecurity threats proliferate and 
       attacks escalate, and as applications play an increasingly
       critical role in business, organizations urgently need to 
       focus on web application security to protect their 
       customers, their interests, and their assets.  Although 
       awareness of the need for web application security is 
       increasing, security levels are nowhere near enough: 
       according to the 2015 Trustwave Global Security Report, 
       98% of tested web applications were vulnerable to attack. 
       SMEs in particular should be very concerned about web 
       application security: many use common, off-the-shelf 
       applications and plugins - such as Internet Explorer, Java,
       Silverlight, and Adobe Reader and Flash Player - which 
       often contain exploitable vulnerabilities.  Application 
       Security in the ISO 27001:2013 Environment explains how 
       organizations can implement and maintain effective 
       security practices to protect their web applications - and
       the servers on which they reside - as part of a wider 
       information security management system by following the 
       guidance set out in the international standard for 
       information security management, ISO 27001.  The book 
       describes the methods used by criminal hackers to attack 
       organizations via their web applications and provides a 
       detailed explanation of how you can combat such attacks by
       employing the guidance and controls set out in ISO 27001. 
       Product overview  Second edition, updated to reflect ISO 
       27001:2013 as well as best practices relating to 
       cryptography, including the PCI SSC's deprecation of SSL 
       in favour of TLS. Provides a full introduction to ISO 
       27001 and information security management systems, 
       including implementation guidance. Describes risk 
       assessment, management, and treatment approaches. Examines
       common types of web app security attack, including 
       injection attacks, cross-site scripting, and attacks on 
       authentication and session management, explaining how each
       can compromise ISO 27001 control objectives and showing 
       how to test for each attack type. Discusses the ISO 27001 
       controls relevant to application security. Lists useful 
       web app security metrics and their relevance to ISO 27001 
       controls. Provides a four-step approach to threat 
       profiling, and describes application security review and 
       testing approaches. Sets out guidelines and t... 
533    Electronic reproduction.|bBoston, MA :|cSafari,|nAvailable
       via World Wide Web.|d2015. 
538    Mode of access: World Wide Web. 
542    |fCopyright © IT Governance Publishing|g2015 
550    Made available through: Safari, an O'Reilly Media Company.
588 00 Online resource; Title from title page (viewed October 15,
655  7 Electronic books.|2local 
710 2  Safari, an O'Reilly Media Company. 
856 40 |zConnect to this resource online|uhttps://