Internet and Web Application Security, 3rd Edition
- Length: 450 pages
- Edition: 3
- Language: English
- Publisher: Jones & Bartlett Learning
- Publication Date: 2022-12-15
- ISBN-10: 1284206165
- ISBN-13: 9781284206166
- Sales Rank: #8041254
Internet and Web Application Security, Third Edition provides an in-depth look at how to secure mobile users as customer-facing information migrates from mainframe computers and application servers to Web-enabled applications. Written by industry experts, this book provides a comprehensive explanation of the evolutionary changes that have occurred in computing, communications, and social networking and discusses how to secure systems against all the risks, threats, and vulnerabilities associated with Web-enabled applications accessible via the internet. Using examples and exercises, this book incorporates hands-on activities to prepare readers to successfully secure Web-enabled applications. Part of the Jones & Bartlett Learning Information Systems Security & Assurance Series.
Contents:
- Front matter: Cover, Title Page, Copyright Page, Contents, Preface, New to This Edition, Acknowledgments, About the Authors
- CHAPTER 1 The Internet and the World Wide Web: Data and Information Data Information The Evolution of Computers and Computing Before There Was an Internet ARPANET The Legacy of ARPANET The Maturing Network Hypertext The Early Internet Gopher, Archie, and Veronica Groupware Hardware The World Wide Web (WWW) Tim Berners-Lee The Web Mosaic World Wide Web Phases Web 1.0 Web 2.0 Web 3.0 Web 4.0 Client/Server Computing Virtualization and Cloud Computing Virtualization Cloud Computing Chapter Summary Key Concepts And Terms Chapter 1 Assessment
- CHAPTER 2 Security Considerations for SOHO and Personal Systems: What Is Security? Vulnerabilities, Threats, and Risk Vulnerabilities Human Vulnerabilities and Error Weak Passwords Insecure Location System and Application Updates Not Applied No Backup Plan Natural Vulnerabilities Threats Ownership Threat Actors Social Engineering Antisocial Defense Identity Theft Malware and Ransomware Viruses Malware Malware Types Malware Movement Ransomware Risk Types of Risk Risk Assessment Risk Matrix Protecting Assets Keeping Private Data Private Hardening Exposures Closures The Benefits of Hardening Cookies Wireless Network Vulnerabilities Minimize Wireless Risks Encrypt Data in Transit Guard the SSID Threat and Risk Identification Threat Maps Current Threat Identification Broken Access Control Cryptographic Failures Injections Weak Security Design Misconfiguration Identification and Authentication Failures Application Software and Data Integrity Issues Insufficient Security Logging and Monitoring Chapter Summary Key Concepts And Terms Chapter 2 Assessment
- CHAPTER 3 Security Considerations for Business: Business on the Web Business Modes Early E-Commerce Customer-Focused Services The Evolution of the Web Website Security Vulnerabilities Threats Ransomware Online Business Risk Asset Identification Data Assets Managing Risk Risk Assessments Qualitative and Quantitative Qualitative Assessment Quantitative Assessment Mitigation Strategies Securing IP Communications Secure Access for Remote Employees Chapter Summary Key Concepts And Terms Chapter 3 Assessment
- CHAPTER 4 Mitigating Risk When Connecting to the Internet: The Threats and Risks on the Internet Risks and Threats Hackers and Predators Malware Vulnerabilities and Exploits Personal Attacks Online Risks and Threats Website Hosting External Web Hosting Internal Web Hosting Domain Name Server DNS Names Common DNS Attacks Best Practices for Connecting to the Internet Chapter Summary Key Concepts And Terms Chapter 4 Assessment
- CHAPTER 5 Mitigating Website Risks, Threats, and Vulnerabilities: Who Is Coming to Your Website? Whom Do You Want to Come to Your Website? Accepting User Input on Your Website Forums Website Feedback Forms Online Surveys The OWASP Top 10 Threats Broken Access Control Cryptographic Failures Injection Insecure Design Security Misconfigurations Vulnerable and Outdated Components Identification and Authentication Failures Software and Data Integrity Failures Security Logging and Monitoring Failures Server-Side Request Forgery (SSRF) Additional Web Threats Not in the Top 10 Information Leakage and Improper Error Handling Unsecure Communications Failure to Restrict URL Access Mitigating Web Risks, Threats, and Vulnerabilities Chapter Summary Key Concepts And Terms Chapter 5 Assessment
- CHAPTER 6 Web Application Security: Web Applications Web Application Vulnerabilities Web Application Security Areas Web Services Common Website Attacks Abuse of Functionality Brute-Force Attacks Developing Password Policies Buffer Overflow Content Spoofing Credential/Session Prediction Cross-Site Scripting Cross-Site Request Forgery Denial of Service Fingerprinting Format String HTTP Attacks Integer Overflows Injection Attacks URL Redirector Abuses OS Commanding Path Traversal Predictable Resource Location Remote File Inclusion (RFI) Routing Detour Session Fixation SOAP Array Abuse XML Attacks Common Website Weaknesses Application Misconfiguration Directory Indexing Improper File System Permissions Improper Input Handling Improper Output Handling Information Leakage Unsecure Indexing Insufficient Anti-Automation Insufficient Authentication Insufficient Authorization Insufficient Password Recovery Insufficient Process Validation Insufficient Session Expiration Insufficient Transport Layer Protection Server Misconfiguration Best Practices for Mitigating Web Attacks Best Practices for Mitigating Weaknesses Chapter Summary Key Concepts And Terms Chapter 6 Assessment
- CHAPTER 7 How Web Applications Work and Building a Secure Foundation: How Web Applications Work Web Application Function Web Application Benefits Web Application Disadvantages Third-Party Apps Versus Third-Party Web Apps Third-Party Web Apps Web App Architecture Application Programming Interface (API) Security Regulations, Standards, and Guidelines Internet Law Censorship and Control Internet and Web Laws and Regulations Specific Information Security Standards Payment Card Industry Data Security Standard Types of Information Security Application Security Infrastructure Security Cloud Security Mitigating Risk in Web Applications Guidelines and Standards for Securing Web Applications The PCI DSS Security Actions to Protect Websites Protect Your System with Firewalls Configure Passwords and Settings Protect Stored PII Data Encrypt Transmission of Data Across Open, Public Networks Use and Regularly Update Antivirus Software Regularly Update and Patch Systems Restrict Physical Access to Workplace and Data Implement Logging and Log Management Conduct Vulnerability Scans and Penetration Tests Documentation and Risk Assessments Chapter Summary Key Concepts And Terms Chapter 7 Assessment
- CHAPTER 8 Developing Secure Websites and Web Applications: Accepting User Input into a Website Functional Websites Hypertext Markup Language Common Gateway Interface Script JavaScript SQL Database Back-End Development Processes Secure Application Development Layered Security Strategies for Websites and Web Applications Concept and Planning Architecture and Design Implementation Testing and Debugging Release and Maintenance End of Life Incorporating Security Requirements Within the SDLC Systems Analysis Stage Designing Stage Implementation Stage Testing Stage Acceptance and Deployment Stage Maintenance Using Secure and Unsecure Protocols How Secure Sockets Layer Works SSL/TLS Encryption and Hash Protocols Selecting an Appropriate Access Control Solution Best Practices for Securing Web Applications Chapter Summary Key Concepts And Terms Chapter 8 Assessment
- CHAPTER 9 Mitigating Web Application Vulnerabilities: Causes of Web Application Vulnerabilities Authentication Input Validation Session Management Nonsecure Code in Software Applications Developing Policies to Mitigate Vulnerabilities Implementing Secure Coding Best Practices Incorporating HTML Secure Coding Standards and Techniques Incorporating JavaScript Secure Coding Standards and Techniques Incorporating CGI Form and SQL Database Access Secure Coding Standards and Techniques Implementing SCM and Revision-Level Tracking Best Practices for Mitigating Web Application Vulnerabilities Chapter Summary Key Concepts And Terms Chapter 9 Assessment
- CHAPTER 10 Performing a Website Vulnerability and Security Assessment: Software Testing Versus Website Vulnerability and Security Assessments Performing an Initial Discovery on the Targeted Website Ping Sweep Nmap Operating System Fingerprint Nessus Vulnerability and Port Scan Performing a Vulnerability and Security Assessment Web Server OS Web Server Application Website Front-End Website Forms and User Inputs Incorporate PCI DSS for E-Commerce Websites Using Planned Attacks to Identify Vulnerabilities Develop an Attack Plan Identify Gaps and Holes Escalate the Privilege Level Vulnerabilities in Back-End Systems and Structured Query Language (SQL) Databases Develop an Attack Plan Identify Gaps and Holes Escalate the Privilege Level Perform an SQL Injection for Data Extraction Preparing a Vulnerability and Security Assessment Report Executive Summary Summary of Findings Vulnerability Assessment Security Assessment Recommendations Best Practices for Website Vulnerability and Security Assessments Choose the Right Tools Test Inside and Out Think Outside the Box Research, Research, Research Chapter Summary Key Concepts And Terms Chapter 10 Assessment
- CHAPTER 11 Maintaining Compliance for E-Commerce Websites: Compliance Issues for Websites General Privacy Laws General Data Protection Regulation (GDPR) California Privacy Rights Act (CPRA) Website Legal Requirements Legal Requirements Compliance Privacy Policy Cookie Management Policy Terms and Conditions Records of User Consent Other Laws Affecting Websites and Data Privacy Operational Compliance Security Measures “Lawful Basis” Data Handling Payment Processing Compliance PCI DSS Standard Revised Payment Services Directive (PSD2) 3D Secure 2.0 (3DS2) KYB and KYC Verification Tax Compliance Other Compliance Elements Chapter Summary Key Concepts And Terms Chapter 11 Assessment
- CHAPTER 12 Testing and Quality Assurance for Websites: Development and Production Software Environments Software Development Methodologies Software Development Life Cycle Agile Software Development Methodology Scrum Other Agile Development Methodologies Joint Application Development (JAD) JAD Team Roles JAD Sessions and Workshops DevOps Website Testing First Impressions Functional Testing Links Testing Forms Testing Cookies Testing HTML/CSS Validation Testing Security Testing Mitigating Website Security Flaws Mobile Devices Documentation Testing Releasing a Website to the World Pre-Launch Tasks Website Launch Website Diagnostics SEO Strategy Post-Launch Chapter Summary Key Concepts And Terms Chapter 12 Assessment
- CHAPTER 13 Securing Mobile Communications: Endpoint Devices Smartphones Tablets Cellular Networks and How They Work 1G Networks 2G Networks 3G Networks 4G Networks Security 4G Networks 5G Networks 5G Types 5G Signaling 5G Networking Wireless Endpoint Communication Voice Communication Voice Communication Security Email Instant Messaging (IM) Chat SMS/Text Messaging MMS Messaging Endpoint Device Risks, Threats, and Vulnerabilities OWASP Top 10 Mobile Risks Securing Endpoint Device Communication Technological Security of Devices Applications and Systems Physical Security of Devices The Internet of Things IoT Components IoT Applications Chapter Summary Key Concepts And Terms Chapter 13 Assessment
- CHAPTER 14 Securing Personal and Business Communications: Privacy and Security in Communication Data-in-Transit Communication Privacy and Security Privacy Versus Security Online Privacy and Security Internet Privacy Issues Store-and-Forward Communication Real-Time Communication Threats to Personal and Business Communications Mitigating Voicemail Risks Messaging on Social Networking Sites Presence and Availability Instant Messaging Chat Short Message Service Text Messaging Multimedia Messaging Service Messaging Voice over IP Threats Securing Telephone and Private Branch Exchange Communications Securing Unified Communications Chapter Summary Key Concepts And Terms Chapter 14 Assessment
- CHAPTER 15 Security Training, Education, and Certification: Security and Careers—Database Administration Database Security Database Administrator Versus Database Designer Database Management Tasks Database Security Training and Certification Security and Careers—Application Development Common Programming Tasks Programming Training and Certification Security and Careers—Network Management Common Network Administration Tasks Network Administration Training and Certification Reviewing Security Information Security and Careers—Web Design and Administration Security for Web Developers Daily Tasks for Web Developers Chapter Summary Key Concepts And Terms Chapter 15 Assessment
- Back matter: APPENDIX A Answer Key, APPENDIX B Standard Acronyms, APPENDIX C Internet and Web Cybersecurity Certifications, Glossary of Key Terms, References, Index