Application security in the ISO27001:2013 Environment （2ND）

個数：

Application security in the ISO27001:2013 Environment （2ND）

Vasudevan, Vinod

ウェブストア価格 ¥9,928（本体¥9,026）
IT Governance Publishing（2015/10発売）
外貨定価 US$ 49.99
ポイント 90pt

オンデマンド(OD/POD)版です。キャンセルは承れません。

【入荷遅延について】
世界情勢の影響により、海外からお取り寄せとなる洋書・洋古書の入荷が、表示している標準的な納期よりも遅延する場合がございます。
おそれいりますが、あらかじめご了承くださいますようお願い申し上げます。

◆画像の表紙や帯等は実物とは異なる場合があります。

◆ウェブストアでの洋書販売価格は、弊社店舗等での販売価格とは異なります。
また、洋書販売価格は、ご注文確定時点での日本円価格となります。
ご注文確定後に、同じ洋書の販売価格が変動しても、それは反映されません。

製本 Paperback:紙装版/ペーパーバック版／ページ数 260 p.
言語 ENG
商品コード 9781849287678

Full Description

Application Security in the ISO 27001:2013 Environment explains how organisations can implement and maintain effective security practices to protect their web applications - and the servers on which they reside - as part of a wider information security management system by following the guidance set out in the international standard for information security management, ISO 27001.

The book describes the methods used by criminal hackers to attack organisations via their web applications and provides a detailed explanation of how you can combat such attacks by employing the guidance and controls set out in ISO 27001.

Product overview

Second edition, updated to reflect ISO 27001:2013 as well as best practices relating to cryptography, including the PCI SSC's denigration of SSL in favour of TLS.
Provides a full introduction to ISO 27001 and information security management systems, including implementation guidance.
Describes risk assessment, management and treatment approaches.
Examines common types of web app security attack, including injection attacks, cross-site scripting, and attacks on authentication and session management, explaining how each can compromise ISO 27001 control objectives and showing how to test for each attack type.
Discusses the ISO 27001 controls relevant to application security.
Lists useful web app security metrics and their relevance to ISO 27001 controls.
Provides a four-step approach to threat profiling, and describes application security review and testing approaches.
Sets out guidelines and the ISO 27001 controls relevant to them, covering:

input validation
authentication
authorisation
sensitive data handling and the use of TLS rather than SSL
session management
error handling and logging

Describes the importance of security as part of the web app development process

1: Introduction to the International Information

Security Standards ISO27001 and ISO27002

2: The ISO27001 Implementation Project

3: Risk Assessment

4: Introduction to Application Security Threats

5: Application Security and ISO27001

6: Attacks on Applications

7: Secure Development Lifecycle

8: Threat Profiling and Security Testing

9: Secure Coding Guidelines