Ely Cambridgeshire : , : IT Governance Publishing, , 2015

1 online resource (254 pages) : illustrations

005.8

Data protection - Standards

Computer security

Computer networks - Security measures - Standards

Information technology - Standards

Computer software - Reliability

Inglese

Includes bibliographical references.

Cover; Title; Copyright; Preface; About The Authors; Acknowledgements; Contents; Chapter 1: Introduction To The International Information Security Standards Iso27001 And Iso27002; Chapter 2: The Iso27001 Implementation Project; Chapter 3: Risk Assessment; Chapter 4: Introduction To Application Security Theats; Chapter 5: Application Security And Iso27001; Chapter 6: Attacks On Applications; Chapter 7: Secure Development Lifecycle; Chapter 8: Threat Profiling And Security Testing; Chapter 9: Secure Coding Guidelines; Itg Resources.

This book explains how organisations can implement and maintain effective security practices to protect their web applications and the servers on which they reside as part of a wider information security management system by following the guidance set out in the international standard for information security management, ISO27001. Methods used by criminal hackers to attack organisations via their web applications and a detailed explanation of how you can combat such attacks by employing the guidance and controls set out in ISO27001 are provided. This edition is updated to reflect ISO27001:2013 as well as best practices relating to cryptography, including the PCI SSC's

denigration of SSL in favour of TLS. -- Edited summary from book.