Security Strategies In Web Applications And Social Networking [Paperback]

  • Format: Paperback / softback, 406 pages, weight: 709 g
  • Publication date: 08-Sep-2010
  • Publisher: Jones and Bartlett Publishers, Inc
  • ISBN-10: 0763791954
  • ISBN-13: 9780763791957
  • Price: 118.95 €
  • This book is out of print, but we will send you an offer for a used copy.

Security Strategies in Web Applications and Social Networking provides a unique, in-depth look at how to secure mobile users as customer-facing information migrates from mainframe computers and application servers to Web-enabled applications. Written by an industry expert, this book provides a comprehensive explanation of the evolutionary changes that have occurred in computing, communications, and social networking and discusses how to secure systems against all the risks, threats, and vulnerabilities associated with Web-enabled applications accessible via the Internet. Using examples and exercises, this book incorporates hands-on activities to prepare readers to successfully secure Web-enabled applications.

The Jones & Bartlett Learning: Information Systems Security & Assurance Series delivers fundamental IT security principles packed with real-world applications and examples for IT Security, Cybersecurity, Information Assurance, and Information Systems Security programs. Authored by Certified Information Systems Security Professionals (CISSPs), and reviewed by leading technical experts in the field, these books are current, forward-thinking resources that enable readers to solve the cybersecurity challenges of today and tomorrow.
Contents (each entry gives the start page, followed by the number of pages in parentheses):

Preface xv
Acknowledgments xvii
PART ONE Evolution of Computing, Communications, and Social Networking 1(106)
  Chapter 1 From Mainframe to Client/Server to World Wide Web 2(29)
    The Evolution of Data Processing 4(4)
    Understanding Data, Data Processing, and Information 4(2)
    1900s and Rapid Growth 6(2)
    Mainframe Computers 8(1)
    Client/Server Computing 9(1)
    Distributed Computing 10(1)
    Transformation of Brick-and-Mortar Businesses to E-commerce Businesses 11(1)
    E-commerce Today 12(1)
    World Wide Web Revolution 12(2)
    Pre-Internet Era 13(1)
    Groupware and Gopher 14(2)
    Emergence of the World Wide Web 16(1)
    The Changing States of the World Wide Web 16(5)
    Web 1.0 16(2)
    Web 2.0 18(2)
    Web 3.0 20(1)
    Cloud Computing and Virtualization 21(2)
    Cloud Computing 21(1)
    Virtualization 22(1)
    Lack of Inherent Security Within Protocols, Systems, Applications, and Coding Itself 23(6)
    System and Protocol Security 23(2)
    Securing IP Communications 25(1)
    Managing Application and Coding Security 26(1)
    Using Service Packs 27(2)
    Chapter Summary 29(1)
    Key Concepts and Terms 29(1)
    Chapter 1 Assessment 30(1)
    Endnote 30(1)
  Chapter 2 From Brick-and-Mortar to E-commerce to E-business Transformation 31(29)
    The Evolution of Business from Brick-and-Mortar to the WWW 33(1)
    E-commerce: A Brick-and-Mortar Model 33(1)
    Customer-Focused E-commerce 33(1)
    Emerging Trends in E-commerce: Distributed E-commerce 34(1)
    Top-of-Mind Business Drivers 34(1)
    Solving Common Business Challenges 35(7)
    Planning Properly 35(1)
    Managing the Customer Life Cycle 36(1)
    Implementing an Effective Internet Marketing Strategy 37(1)
    Creating New Revenue Streams 38(1)
    Enhancing Customer Service Delivery 38(1)
    Telecommuting and Secure Access for Remote Employees 39(1)
    Maintaining Highly Available and Secure E-mail and Web Site Hosting 40(2)
    E-business Strategies 42(6)
    Customer Acquisition and Revenue Growth 43(3)
    E-commerce and Enhanced Customer Service Delivery 46(1)
    E-business with Integrated Applications 47(1)
    Internet Marketing Strategies 48(5)
    E-mail Distribution Lists and E-mail Blasting 49(1)
    Lead-Generation Web Sites 50(1)
    SEO Marketing 50(2)
    Summing Up 52(1)
    Risks, Threats, and Vulnerabilities with Web Sites 53(5)
    Connecting to the Internet Means You Are Connecting to the Outside World 54(1)
    Web Sites Are Prone to Attack and Scrutiny 54(1)
    E-commerce Applications House Customer Privacy Data and Credit Card Transaction Processing Data 55(1)
    Web-Enabled Applications May Face Threats and Vulnerabilities 56(2)
    Chapter Summary 58(1)
    Key Concepts and Terms 58(1)
    Chapter 2 Assessment 59(1)
  Chapter 3 Evolution of People-to-People Communications 60(25)
    Personal Versus Business Communications 61(3)
    E-mail 61(1)
    Voice over Internet Protocol 62(1)
    Real-Time Communications 62(1)
    Social Networking 63(1)
    Evolution of Communications 64(11)
    Voice: Analog, Digital, VoIP 64(3)
    Voice Messaging 67(1)
    Faxing 68(1)
    E-mail 69(1)
    Unified Messaging 70(1)
    Unified Communications 71(1)
    VoIP/SIP-Enabled Applications 72(1)
    Presence/Availability 72(1)
    Audio Conferencing 73(1)
    Video Conferencing 74(1)
    Collaborative Communications 74(1)
    Social Media and Social Networking 75(5)
    What Are Social Media and Social Networking? 75(1)
    Virtual Communities and Online Social Groups 76(1)
    Generation-Y People-to-People Communications 77(1)
    Online Presence and Networking: Personal and Professional 77(3)
    Online Social Behavior 80(2)
    Online Language 80(1)
    Social Networking Protocols 80(1)
    Chat Room Protocols 81(1)
    Acceptable Use 82(1)
    Limitations of Liability of Web Site Owners 82(1)
    Chapter Summary 83(1)
    Key Concepts and Terms 83(1)
    Chapter 3 Assessment 84(1)
  Chapter 4 From Personal Communication to Social Networking 85(22)
    The History and Evolution of E-mail 86(1)
    E-mail's Effectiveness 86(1)
    The Rules for E-mail Communication 87(3)
    Rules for Personal E-mail 88(1)
    Rules for Business E-mail 88(2)
    The Key Elements of Web Pages 90(2)
    Understanding Eye Paths and Heat Maps 90(1)
    The Fold 90(1)
    The Body 91(1)
    Online Message Boards 92(1)
    Online Forums 92(1)
    Online Virtual Community Portals 93(1)
    Online Chat Rooms 94(1)
    Risks, Threats, and Vulnerabilities with Personal Communications and Social Networks 95(8)
    Perpetrators 96(1)
    Phishing 97(1)
    Online Scams 98(1)
    E-mail Scams 99(1)
    Social Engineering 100(1)
    Loss of Privacy Data 101(2)
    Privacy Violations 103(1)
    Chapter Summary 104(1)
    Key Concepts and Terms 104(1)
    Chapter 4 Assessment 105(2)
PART TWO Secure Web-Enabled Application Deployment and Social Networking 107(202)
  Chapter 5 Mitigating Risk When Connecting to the Internet 108(34)
    Threats When Connecting to the Internet 109(11)
    Risks and Threats 109(8)
    Vulnerabilities and Exploits 117(1)
    Perpetrators 118(2)
    Web Site Hosting 120(9)
    External Web Hosting 121(1)
    Internal Web Hosting 122(1)
    Domain Name Server 123(6)
    The Seven Domains of a Typical IT Infrastructure 129(1)
    Protecting Networks in the LAN-to-WAN Domain 129(10)
    Perimeter Defense Strategies 130(2)
    Firewalls 132(2)
    Demilitarized Zones (DMZs) 134(1)
    Proxy Servers 135(1)
    Intrusion Detection Systems and Intrusion Protection Systems 136(3)
    Best Practices for Connecting to the Internet 139(1)
    Chapter Summary 140(1)
    Key Concepts and Terms 140(1)
    Chapter 5 Assessment 141(1)
  Chapter 6 Mitigating Web Site Risks, Threats, and Vulnerabilities 142(25)
    Who Is Coming to Your Web Site? 143(3)
    Whom Do You Want to Come to Your Web Site? 146(2)
    Does Your Web Site Accept User Input? 148(2)
    Forums 148(1)
    Web Site Feedback Forms 149(1)
    Online Surveys 149(1)
    The Open Web Application Security Project (OWASP) Top 10 150(13)
    Cross-Site Scripting (XSS) 150(2)
    Injection Flaws 152(1)
    Malicious File Execution 153(1)
    Insecure Direct Object Reference 153(1)
    Cross-Site Request Forgery 154(1)
    Information Leakage and Improper Error Handling 155(1)
    Broken Authentication and Session Management 156(3)
    Insecure Cryptographic Storage 159(1)
    Insecure Communications 159(4)
    Failure to Restrict URL Access 163(1)
    Summary of OWASP Top 10 163(1)
    Best Practices for Mitigating Known Web Application Risks, Threats, and Vulnerabilities 163(2)
    Chapter Summary 165(1)
    Key Concepts and Terms 165(1)
    Chapter 6 Assessment 166(1)
  Chapter 7 Introducing the Web Application Security Consortium (WASC) 167(33)
    WASC Threat Classification 168(1)
    Web Site Attacks 169(18)
    Abuse of Functionality 169(1)
    Brute-Force Attacks 170(2)
    Buffer Overflow 172(1)
    Content Spoofing 172(2)
    Credential/Session Prediction 174(1)
    Cross-Site Scripting 174(1)
    Cross-Site Request Forgery 175(1)
    Denial of Service 175(1)
    Fingerprinting 176(1)
    Format String 176(1)
    HTTP Request Smuggling 177(1)
    HTTP Response Splitting 178(1)
    HTTP Response Smuggling 178(1)
    HTTP Request Splitting 178(1)
    Integer Overflows 179(1)
    LDAP Injection 179(1)
    Mail Command Injection 179(1)
    Null Byte Injection 180(1)
    OS Commanding 180(1)
    Path Traversal 180(1)
    Predictable Resource Location 181(1)
    Remote File Inclusion (RFI) 181(1)
    Routing Detour 182(1)
    Session Fixation 182(1)
    SOAP Array Abuse 183(1)
    SSI Injection 184(1)
    SQL Injection 184(1)
    URL Redirector Abuse 184(1)
    XPath Injection 185(1)
    XML Attribute Blowup 185(1)
    XML External Entities 186(1)
    XML Entity Expansion 186(1)
    XML Injection 186(1)
    XQuery Injection 186(1)
    Web Site Weaknesses 187(10)
    Application Misconfiguration 187(1)
    Directory Indexing 187(1)
    Improper File System Permissions 188(2)
    Improper Input Handling 190(1)
    Improper Output Handling 191(1)
    Information Leakage 191(1)
    Insecure Indexing 192(1)
    Insufficient Anti-Automation 192(1)
    Insufficient Authentication 193(1)
    Insufficient Authorization 193(1)
    Insufficient Password Recovery 194(1)
    Insufficient Process Validation 194(1)
    Insufficient Session Expiration 194(1)
    Insufficient Transport Layer Protection 195(1)
    Server Misconfiguration 195(2)
    Best Practices for Mitigating Attack Risks 197(1)
    Best Practices for Mitigating Weaknesses 198(1)
    Chapter Summary 198(1)
    Key Concepts and Terms 198(1)
    Chapter 7 Assessment 199(1)
  Chapter 8 Securing Web Applications 200(24)
    Does Your Application Require User Input into Your Web Site? 201(2)
    Get to Know Your Syntax with Request for Comments (RFC) 203(1)
    Technologies and Systems Used to Make a Complete Functional Web Site 203(4)
    Hypertext Markup Language (HTML) 204(1)
    Common Gateway Interface (CGI) Script 205(1)
    JavaScripting 206(1)
    SQL Database Back-End 206(1)
    Does Your Development Process Follow the Software Development Life Cycle (SDLC)? 207(1)
    Designing a Layered Security Strategy for Web Sites and Web Applications 208(1)
    Incorporating Security Requirements Within the SDLC 209(3)
    Systems Analysis Stage 209(1)
    Designing Stage 210(1)
    Implementation Stage 210(1)
    Testing Stage 211(1)
    Acceptance and Deployment Stage 211(1)
    Maintenance 211(1)
    HTTP and Clear Text Versus HTTPS and Encryption 212(1)
    SSL: Encryption for Data Transfer Between Client and Web Site 213(2)
    SSL Encryption and Hash Protocols 214(1)
    Selecting an Appropriate Access Control Solution 215(5)
    Discretionary Access Control 217(1)
    Mandatory Access Control 218(1)
    Rule-Based Access Control 218(1)
    Role-Based Access Control 219(1)
    Create Access Controls That Are Commensurate with the Level of Sensitivity of Data-Access or Input 220(1)
    Best Practices for Securing Web Applications 220(2)
    Chapter Summary 222(1)
    Key Concepts and Terms 222(1)
    Chapter 8 Assessment 223(1)
  Chapter 9 Mitigating Web Application Vulnerabilities 224(22)
    Causes of Vulnerabilities 226(6)
    Authentication 226(1)
    Input Validation 227(1)
    Session Management 228(1)
    Vulnerabilities Are Caused by Non-Secure Code in Software Applications 229(3)
    Developing Policies to Mitigate Vulnerabilities 232(4)
    Implementing Secure Coding Best Practices 236(1)
    Incorporating HTML Secure Coding Standards and Techniques 237(1)
    Incorporating JavaScript Secure Coding Standards and Techniques 238(2)
    Incorporating CGI Form and SQL Database Access Secure Coding Standards and Techniques 240(1)
    SQL Database Security 240(1)
    Implementing Software Development Configuration Management and Revision-Level Tracking 241(1)
    Revision-Level Tracking 242(1)
    Best Practices for Mitigating Web Application Vulnerabilities 242(2)
    Chapter Summary 244(1)
    Key Concepts and Terms 244(1)
    Chapter 9 Assessment 245(1)
  Chapter 10 Maintaining PCI DSS Compliance for E-Commerce Web Sites 246(20)
    Credit Card Transaction Processing 247(1)
    Batch Processing 247(1)
    Real-Time Processing 248(1)
    What is PCI DSS? 248(2)
    If PCI DSS Is Not a Law, Why Do You Need to Be in Compliance? 250(1)
    Designing and Building Your E-commerce Web Site with PCI DSS in Mind 250(1)
    What Does a PCI DSS Security Assessment Entail? 251(3)
    Scope of Assessment 252(1)
    Instructions and Content for Report on Compliance 253(1)
    Detailed PCI DSS Requirements and Security Assessment Procedures 254(1)
    Security Assessment Marking Procedure 254(1)
    Best Practices to Mitigate Risk for E-commerce Web Sites with PCI DSS Compliance 254(10)
    Build and Maintain a Secure Network 255(1)
    Protect Cardholder Data 256(2)
    Maintain a Vulnerability Management Program 258(1)
    Implement Strong Access Control Measures 259(3)
    Regularly Monitor and Test Networks 262(1)
    Maintain an Information Security Policy 263(1)
    Chapter Summary 264(1)
    Key Concepts and Terms 264(1)
    Chapter 10 Assessment 265(1)
  Chapter 11 Testing and Quality Assurance for Production Web Sites 266(17)
    Development and Production Software Environments 267(1)
    Software Development Life Cycle (SDLC) 267(1)
    Configuration and Change Management 268(4)
    Policies 269(2)
    Standards 271(1)
    Procedures 271(1)
    Guidelines 272(1)
    Building a Test Plan and Functionality Checklist for Web Site Deployments 272(3)
    Testing All New Applications and Features 275(1)
    Detecting Security Gaps and Holes in Web Site Applications 276(1)
    Mitigating Any Identified Gaps and Holes and Retesting 277(1)
    Deploying Web Site Applications in a Production Environment 278(1)
    Monitoring and Analyzing Web Site Traffic, Use, and Access 278(1)
    Best Practices for Testing and Assuring Quality of Production Web Sites 279(2)
    Chapter Summary 281(1)
    Key Concepts and Terms 281(1)
    Chapter 11 Assessment 282(1)
  Chapter 12 Performing a Web Site Vulnerability and Security Assessment 283(26)
    Software Testing Versus Web Site Vulnerability and Security Assessments 284(1)
    Performing an Initial Discovery on the Targeted Web Site 285(6)
    Ping Sweep 286(1)
    Nmap 287(1)
    OS Fingerprint 288(1)
    Nessus Vulnerability and Port Scan 289(2)
    Performing a Vulnerability and Security Assessment 291(6)
    Web Server OS 292(1)
    Web Server Application 293(1)
    Web Site Front End 294(1)
    Web Site Forms and User Inputs 295(1)
    Incorporate PCI DSS for E-commerce Web Sites 295(2)
    Using Planned Attacks to Identify Vulnerabilities 297(2)
    Develop an Attack Plan 297(1)
    Identify Gaps and Holes 297(1)
    Escalate the Privilege Level 298(1)
    Spotting Vulnerabilities in Back-End Systems and SQL Databases 299(2)
    Develop an Attack Plan 299(1)
    Identify Gaps and Holes 299(1)
    Escalate the Privilege Level 300(1)
    Perform an SQL Injection for Data Extraction 300(1)
    Preparing a Vulnerability and Security Assessment Report 301(4)
    Executive Summary 301(1)
    Summary of Findings 302(1)
    Vulnerability Assessment 303(1)
    Security Assessment 304(1)
    Recommendations 304(1)
    Best Practices for Web Site Vulnerability and Security Assessments 305(2)
    Choose the Right Tools 305(1)
    Test Inside and Out 306(1)
    Think Outside the Box 306(1)
    Research, Research, Research 306(1)
    Chapter Summary 307(1)
    Key Concepts and Terms 307(1)
    Chapter 12 Assessment 308(1)
PART THREE Web Applications and Social Networking Gone Mobile 309(68)
  Chapter 13 Securing Endpoint Device Communications 310(23)
    Endpoint Devices 311(4)
    Cell Phones 311(1)
    PDA Devices 312(2)
    Smartphones 314(1)
    Wireless Networks and How They Work 315(4)
    1G/2G Networks 315(1)
    3G Networks 316(1)
    4G Networks 317(1)
    Security Features of 3G and 4G Networks 318(1)
    Endpoint Device Communications 319(5)
    Voice 320(1)
    Internet Browsing 321(1)
    E-mail 322(1)
    Instant Messaging (IM) Chat 322(1)
    SMS/Text Messaging 323(1)
    MMS Messaging 324(1)
    Endpoint Device Communication Risks, Threats, and Vulnerabilities 324(1)
    Best Practices for Securing Endpoint Device Communications 325(5)
    Technological Security of Devices 326(1)
    Physical Security of Devices 327(3)
    Chapter Summary 330(1)
    Key Concepts and Terms 331(1)
    Chapter 13 Assessment 331(2)
  Chapter 14 Securing Personal and Business Communications 333(24)
    Store-and-Forward Communication 334(2)
    Voice Mail 335(1)
    Methods of Messaging 336(5)
    E-mail 336(2)
    Fax 338(2)
    Social Networking Site Messages 340(1)
    Real-Time Communication 341(7)
    Telephone 342(1)
    Presence/Availability 343(1)
    Instant Messaging Chat 344(1)
    SMS Text Messaging 345(1)
    MMS Messaging 346(2)
    VoIP Threats 348(1)
    Telephony/Private Branch Exchange (PBX) Communication Security Best Practices 348(1)
    VoIP Communication Security Best Practices 349(2)
    VoIP Planning Best Practices 350(1)
    VoIP Implementation Best Practices 350(1)
    SIP Application (Unified Communications) Best Practices 351(4)
    SIP Features and Essentials 351(1)
    SIP User Agents and Communication Between Them 352(2)
    Implementation Best Practices 354(1)
    Chapter Summary 355(1)
    Key Concepts and Terms 355(1)
    Chapter 14 Assessment 355(1)
    Endnote 356(1)
  Chapter 15 Web Application Security Organizations, Education, Training, and Certification 357(20)
    Department of Homeland Security (DHS) 358(2)
    Advisory Bodies 358(1)
    The U.S. Secret Service (USSS) 358(1)
    The Federal Law Enforcement Training Center (FLETC) 359(1)
    National Cyber Security Division (NCSD) 360(1)
    United States Computer Emergency Response Team (US-CERT) 360(1)
    Cyber-Risk Management Programs 360(1)
    Computer Emergency Response Team Coordination Center (CERT®/CC) 361(1)
    The MITRE Corporation and the CVE List 362(2)
    Why CVE? 362(1)
    Common Vulnerabilities and Exposures (CVE) List 362(2)
    National Institute of Standards and Technology (NIST) 364(2)
    Technical Security Standards 364(1)
    Computer Security Resource Center (CSRC) 365(1)
    International Information Systems Security Certification Consortium, Inc. (ISC)2 366(5)
    Certified Information Systems Security Professional (CISSP) 366(2)
    Systems Security Certified Practitioner (SSCP) 368(1)
    (ISC)2 Associate 369(1)
    Certification and Accreditation Professional (CAP) 370(1)
    Certified Secure Software Lifecycle Professional (CSSLP) 370(1)
    Web Application Security Consortium (WASC) 371(1)
    WASC Projects 371(1)
    Open Web Application Security Project (OWASP) 372(3)
    OWASP Top 10 List 372(1)
    WebScarab 373(1)
    AntiSamy 373(1)
    Enterprise Security API (ESAPI) 373(1)
    WebGoat 373(1)
    Open Software Assurance Maturity Model (OpenSAMM) 374(1)
    OWASP Guides 374(1)
    Chapter Summary 375(1)
    Key Concepts and Terms 375(1)
    Chapter 15 Assessment 376(1)
Appendix A Answer Key 377(2)
Appendix B Standard Acronyms 379(2)
Glossary of Key Terms 381(10)
References 391(6)
Index 397