Book description
PART OF THE NEW JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES! Security Strategies in Web Applications and Social Networking provides a unique, in-depth look at how to secure mobile users as customer-facing information migrates from mainframe computers and application servers to Web-enabled applications. Written by an industry expert, this book provides a comprehensive explanation of the evolutionary changes that have occurred in computing, communications, and social networking and discusses how to secure systems against all the risks, threats, and vulnerabilities associated with Web-enabled applications accessible via the Internet. Using examples and exercises, this book incorporates hands-on activities to prepare readers to successfully secure Web-enabled applications.
Table of contents
- Copyright
- Preface
- Acknowledgments
- ONE. Evolution of Computing, Communications, and Social Networking
- 1. From Mainframe to Client/Server to World Wide Web
- The Evolution of Data Processing
- Mainframe Computers
- Client/Server Computing
- Distributed Computing
- Transformation of Brick-and-Mortar Businesses to E-commerce Businesses
- World Wide Web Revolution
- Groupware and Gopher
- The Changing States of the World Wide Web
- Cloud Computing and Virtualization
- Lack of Inherent Security Within Protocols, Systems, Applications, and Coding Itself
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 1 ASSESSMENT
- ENDNOTE
- 2. From Brick-and-Mortar to E-commerce to E-business Transformation
- The Evolution of Business from Brick-and-Mortar to the WWW
- Top-of-Mind Business Drivers
- Solving Common Business Challenges
- E-business Strategies
- Internet Marketing Strategies
- Risks, Threats, and Vulnerabilities with Web Sites
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 2 ASSESSMENT
- 3. Evolution of People-to-People Communications
- Personal Versus Business Communications
- Evolution of Communications
- Social Media and Social Networking
- Online Social Behavior
- Limitations of Liability of Web Site Owners
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 3 ASSESSMENT
- 4. From Personal Communication to Social Networking
- The History and Evolution of E-mail
- The Rules for E-mail Communication
- The Key Elements of Web Pages
- Online Message Boards
- Online Forums
- Online Virtual Community Portals
- Online Chat Rooms
- Risks, Threats, and Vulnerabilities with Personal Communications and Social Networks
- Privacy Violations
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 4 ASSESSMENT
- TWO. Secure Web-Enabled Application Deployment and Social Networking
- 5. Mitigating Risk When Connecting to the Internet
- Threats When Connecting to the Internet
- Web Site Hosting
- The Seven Domains of a Typical IT Infrastructure
- Protecting Networks in the LAN-to-WAN Domain
- Best Practices for Connecting to the Internet
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 5 ASSESSMENT
- 6. Mitigating Web Site Risks, Threats, and Vulnerabilities
- Who Is Coming to Your Web Site?
- Whom Do You Want to Come to Your Web Site?
- Does Your Web Site Accept User Input?
- The Open Web Application Security Project (OWASP) Top 10
- Cross-Site Scripting (XSS)
- Injection Flaws
- Malicious File Execution
- Insecure Direct Object Reference
- Cross-Site Request Forgery
- Information Leakage and Improper Error Handling
- Broken Authentication and Session Management
- Insecure Cryptographic Storage
- Insecure Communications
- Failure to Restrict URL Access
- Summary of OWASP Top 10
- Best Practices for Mitigating Known Web Application Risks, Threats, and Vulnerabilities
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 6 ASSESSMENT
- 7. Introducing the Web Application Security Consortium (WASC)
- WASC Threat Classification
- Web Site Attacks
- Abuse of Functionality
- Brute-Force Attacks
- Buffer Overflow
- Content Spoofing
- Credential/Session Prediction
- Cross-Site Scripting
- Cross-Site Request Forgery
- Denial of Service
- Fingerprinting
- Format String
- HTTP Response Smuggling
- HTTP Response Splitting
- HTTP Request Smuggling
- HTTP Request Splitting
- Integer Overflows
- LDAP Injection
- Mail Command Injection
- Null Byte Injection
- OS Commanding
- Path Traversal
- Predictable Resource Location
- Remote File Inclusion (RFI)
- Routing Detour
- Session Fixation
- SOAP Array Abuse
- SSI Injection
- SQL Injection
- URL Redirector Abuse
- XPath Injection
- XML Attribute Blowup
- XML External Entities
- XML Entity Expansion
- XML Injection
- XQuery Injection
- Web Site Weaknesses
- Application Misconfiguration
- Directory Indexing
- Improper File System Permissions
- Improper Input Handling
- Improper Output Handling
- Information Leakage
- Insecure Indexing
- Insufficient Anti-Automation
- Insufficient Authentication
- Insufficient Authorization
- Insufficient Password Recovery
- Insufficient Process Validation
- Insufficient Session Expiration
- Insufficient Transport Layer Protection
- Server Misconfiguration
- Best Practices for Mitigating Attack Risks
- Best Practices for Mitigating Weaknesses
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 7 ASSESSMENT
- 8. Securing Web Applications
- Does Your Application Require User Input into Your Web Site?
- Technologies and Systems Used to Make a Complete Functional Web Site
- Does Your Development Process Follow the Software Development Life Cycle (SDLC)?
- Designing a Layered Security Strategy for Web Sites and Web Applications
- Incorporating Security Requirements Within the SDLC
- HTTP and Clear Text Versus HTTPS and Encryption
- SSL—Encryption for Data Transfer Between Client and Web Site
- Selecting an Appropriate Access Control Solution
- Best Practices for Securing Web Applications
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 8 ASSESSMENT
- 9. Mitigating Web Application Vulnerabilities
- Causes of Vulnerabilities
- Developing Policies to Mitigate Vulnerabilities
- Implementing Secure Coding Best Practices
- Incorporating HTML Secure Coding Standards and Techniques
- Incorporating JavaScript Secure Coding Standards and Techniques
- Incorporating CGI Form and SQL Database Access Secure Coding Standards and Techniques
- Implementing Software Development Configuration Management and Revision-Level Tracking
- Best Practices for Mitigating Web Application Vulnerabilities
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 9 ASSESSMENT
- 10. Maintaining PCI DSS Compliance for E-commerce Web Sites
- Credit Card Transaction Processing
- What Is PCI DSS?
- Designing and Building Your E-commerce Web Site with PCI DSS in Mind
- What Does a PCI DSS Security Assessment Entail?
- Best Practices to Mitigate Risk for E-commerce Web Sites with PCI DSS Compliance
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 10 ASSESSMENT
- 11. Testing and Quality Assurance for Production Web Sites
- Development and Production Software Environments
- Configuration and Change Management
- Building a Test Plan and Functionality Checklist for Web Site Deployments
- Testing for All New Applications and Features
- Detecting Security Gaps and Holes in Web Site Applications
- Mitigating Any Identified Gaps and Holes and Retesting
- Deploying Web Site Applications in a Production Environment
- Monitoring and Analyzing Web Site Traffic, Use, and Access
- Best Practices for Testing and Assuring Quality of Production Web Sites
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 11 ASSESSMENT
- 12. Performing a Web Site Vulnerability and Security Assessment
- Software Testing Versus Web Site Vulnerability and Security Assessments
- Performing an Initial Discovery on the Targeted Web Site
- Performing a Vulnerability and Security Assessment
- Using Planned Attacks to Identify Vulnerabilities
- Spotting Vulnerabilities in Back-End Systems and SQL Databases
- Preparing a Vulnerability and Security Assessment Report
- Best Practices for Web Site Vulnerability and Security Assessments
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 12 ASSESSMENT
- THREE. Web Applications and Social Networking Gone Mobile
- 13. Securing Endpoint Device Communications
- Endpoint Devices
- Wireless Networks and How They Work
- Endpoint Device Communications
- Endpoint Device Communication Risks, Threats, and Vulnerabilities
- Best Practices for Securing Endpoint Device Communications
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 13 ASSESSMENT
- 14. Securing Personal and Business Communications
- Store-and-Forward Communication
- Methods of Messaging
- Real-Time Communication
- Telephony/Private Branch Exchange (PBX) Communication Security Best Practices
- VoIP Communication Security Best Practices
- SIP Application (Unified Communications) Best Practices
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 14 ASSESSMENT
- ENDNOTE
- 15. Web Application Security Organizations, Education, Training, and Certification
- Department of Homeland Security (DHS)
- National Cyber Security Division (NCSD)
- Computer Emergency Response Team Coordination Center (CERT®/CC)
- The MITRE Corporation and the CVE List
- National Institute of Standards and Technology (NIST)
- International Information Systems Security Certification Consortium, Inc. (ISC)²
- Web Application Security Consortium (WASC)
- Open Web Application Security Project (OWASP)
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 15 ASSESSMENT
- A. Answer Key
- B. Standard Acronyms
- Glossary of Key Terms
- References
Product information
- Title: Security Strategies in Web Applications and Social Networking
- Author(s):
- Release date: October 2010
- Publisher(s): Jones & Bartlett Learning
- ISBN: 9780763791964