The Manager’s Guide to Web Application Security: A Concise Guide to the Weaker Side of the Web

By Ron Lepofsky

The Manager's Guide to Web Application Security is a concise, information-packed guide to the application security risks every organization faces, written in plain language, with advice on how to deal with those risks quickly and effectively. Security vulnerabilities are often hard to understand and quantify because they are the result of subtle programming deficiencies and highly technical issues. Author and noted expert Ron Lepofsky breaks down the technical barrier, identifies many real-world examples of security vulnerabilities commonly found by IT security auditors, translates them into business risks with identifiable consequences, and provides practical guidance on mitigating them.

The Manager's Guide to Web Application Security describes how to fix and prevent these vulnerabilities in easy-to-understand discussions of vulnerability classes and their remediation. For easy reference, the information is also presented schematically in Excel spreadsheets available to readers as a free download from the publisher’s digital annex. The book is current, concise, and to the point, which helps managers cut through the technical jargon and make the business decisions required to find, fix, and prevent serious vulnerabilities.



Best web programming books

Learning Ext JS 3.2

The book provides plenty of fun example code and screenshots to guide you through the construction of examples that support learning. By taking a chapter-by-chapter look at each major aspect of the Ext JS framework, the book lets you digest the available features in small, easily understandable chunks, allowing you to start using the library for your development needs right away.

Foundation Flex for Developers: Data-Driven Applications with PHP, ASP.NET, ColdFusion, and LCDS

Flex is the most important and flexible technology for creating web application front-ends. But what every good web application needs is a solid data source, be it XML or a database. Flex is very adaptable when it comes to connecting to data sources, and that is the main focus of this book. In Foundation Flex for Developers, author Sas Jacobs assumes that you already have the basics of Flex down, and explores in detail how to create professional data-centric Flex 2 and Flex 3 applications.

Dynamic Web programming and HTML5

With businesses and individuals increasingly dependent on the Web, the need for capable, well-trained web developers and maintainers is growing. Helping readers master web development, Dynamic Web Programming and HTML5 covers specific web programming languages, APIs, and coding techniques and provides an in-depth understanding of the underlying concepts, theory, and principles.

Beginning HTML5 Media: Make the most of the new video and audio standards for the Web

Beginning HTML5 Media, Second Edition is a comprehensive introduction to HTML5 video and audio. The HTML5 video standard enables browsers to support audio and video elements natively. This makes it very easy for web developers to publish audio and video, integrating both within the general presentation of web pages.

Additional resources for The Manager’s Guide to Web Application Security: A Concise Guide to the Weaker Side of the Web

Example text

They may be disclosed to third parties via the HTTP Referer header when any off-site link is followed. The Referer header is sent by the browser with a request and carries the URL of the page from which the request originated, such as the page holding the hyperlink that was clicked. Typical sources of referred traffic are other web sites, search engines, link lists, e-mails, and banner advertisements. Here again, we see many client web applications that use the GET method to submit sensitive information, such as the session ID (session token) and passwords, which are then transmitted within the query string of the requested URL. Anything in that query string is also written to server and proxy logs and to the browser history, and is handed to the next site in the Referer header.
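The following is an added example, not code from the book or its author. It models what a browser puts in the Referer header when a link on a page is followed under three Referrer-Policy values, and runs the auditor's check described above over a few constructed access-log lines to find GET requests that carry secrets in the query string. The parameter-name list, the log lines and the host names are assumptions made for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit, urlunsplit

# Parameter names treated as sensitive. This list is an assumption made for
# the example; a real audit would use the application's own naming.
SENSITIVE_PARAMS = {"sessionid", "session_id", "jsessionid", "phpsessid",
                    "token", "password", "pwd"}


def referer_for(current_url, target_url, policy="no-referrer-when-downgrade"):
    """Referer value a browser sends when a link on current_url is followed to
    target_url under the given Referrer-Policy, or None if nothing is sent.
    Only the three policies named below are modelled."""
    cur, tgt = urlsplit(current_url), urlsplit(target_url)
    same_origin = (cur.scheme, cur.netloc) == (tgt.scheme, tgt.netloc)
    downgrade = cur.scheme == "https" and tgt.scheme == "http"
    # The fragment is never sent; path and query are, unless the policy trims them.
    full = urlunsplit((cur.scheme, cur.netloc, cur.path, cur.query, ""))
    origin_only = f"{cur.scheme}://{cur.netloc}/"
    if policy == "no-referrer" or downgrade:
        return None
    if policy == "no-referrer-when-downgrade":
        return full
    if policy == "strict-origin-when-cross-origin":
        return full if same_origin else origin_only
    raise ValueError(f"policy not modelled: {policy!r}")


def leaked_params(url_or_referer):
    """Sensitive query parameters that a URL or Referer value discloses."""
    if url_or_referer is None:
        return []
    return sorted(k for k in parse_qs(urlsplit(url_or_referer).query)
                  if k.lower() in SENSITIVE_PARAMS)


# Constructed access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /account?sessionid=abc123&view=orders HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.6 - - [10/Oct/2023:13:55:40 +0000] "GET /login?user=bob&password=hunter2 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.7 - - [10/Oct/2023:13:55:41 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.8 - - [10/Oct/2023:13:55:42 +0000] "GET /search?q=shoes HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')


def get_requests_with_secrets(log_text):
    """The auditor's check: every GET whose query string carries a sensitive
    parameter, as (request target, [parameter names]). These are the requests
    whose secrets end up in logs and in the Referer of every off-site link."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_LINE.search(line)
        if not m or m.group("method") != "GET":
            continue
        names = leaked_params(m.group("target"))
        if names:
            hits.append((m.group("target"), names))
    return hits


if __name__ == "__main__":
    page = "https://shop.example/account?sessionid=abc123&view=orders"
    for policy in ("no-referrer-when-downgrade", "strict-origin-when-cross-origin"):
        ref = referer_for(page, "https://ads.example/click", policy)
        print(f"{policy}: Referer={ref!r} leaks={leaked_params(ref)}")
    print(get_requests_with_secrets(SAMPLE_LOG))
```

The remediation the excerpt points at is to stop putting the session token in the URL at all (a cookie with the HttpOnly and Secure flags, or a POST body), because a Referrer-Policy only limits what the browser forwards and does nothing about the server's own logs.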

A malicious party may intentionally submit abnormal data in order to force error messages. An attacker could use overly specific error messages such as “Username incorrect” and “Password incorrect”, which reveal which usernames exist, or the names of hidden files and directories disclosed in error output, to plan an attack.

Cross-Site Scripting Attacks

Risk level: HIGH

Cross-site scripting (XSS) attacks receive a lot of news coverage, principally because of the dramatic increase in the use of scripting languages.
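As an added example (not the book's own code), here is the login pattern the excerpt warns about beside a hardened version, plus the enumeration check an attacker would run against each. The user store, salt and credentials are constructed for the example; the hashing uses PBKDF2 from the Python standard library, and the dummy record makes the hardened login do the same work for unknown users so that response time does not reveal what the message no longer does.

```python
import hashlib
import hmac

ITERATIONS = 100_000


def hash_password(password, salt):
    """Salted PBKDF2-SHA256; a production deployment would tune the work factor."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store (username -> (salt, hash)); not real credentials.
# The salt is fixed only so the example is deterministic.
_SALT = bytes.fromhex("0102030405060708090a0b0c0d0e0f10")
USERS = {"alice": (_SALT, hash_password("correct horse battery staple", _SALT))}

# Used when the username is unknown, so a hash is still computed and the
# response time does not distinguish unknown users from wrong passwords.
DUMMY_RECORD = (_SALT, bytes(32))

GENERIC_FAILURE = "Invalid username or password"


def login_verbose(username, password):
    """The pattern the excerpt warns about: the message says which check failed,
    so an attacker can confirm valid usernames before guessing passwords."""
    if username not in USERS:
        return False, "Username incorrect"
    salt, stored = USERS[username]
    if not hmac.compare_digest(hash_password(password, salt), stored):
        return False, "Password incorrect"
    return True, "OK"


def login_generic(username, password):
    """Hardened: one message for every failure; the hash is computed whether
    or not the user exists, and compared in constant time."""
    salt, stored = USERS.get(username, DUMMY_RECORD)
    match = hmac.compare_digest(hash_password(password, salt), stored)
    ok = match and username in USERS
    return ok, ("OK" if ok else GENERIC_FAILURE)


def usernames_revealed(login, candidates, probe="definitely-not-the-password"):
    """What an attacker learns from the error text alone: a candidate is
    confirmed when its failure message differs from that of a name known
    not to exist."""
    baseline = login("no-such-user-7f3a", probe)[1]
    return [u for u in candidates if login(u, probe)[1] != baseline]


if __name__ == "__main__":
    names = ["alice", "bob", "carol"]
    print("verbose login reveals:", usernames_revealed(login_verbose, names))
    print("generic login reveals:", usernames_revealed(login_generic, names))
```

The same principle covers the forced-error case in the excerpt: unexpected input should reach a handler that logs the detail server-side and returns a fixed, content-free error to the client, rather than a stack trace or a file path.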

Testing and enforcement of authentication: Authentication, and every potential way to circumvent it, should be tested regularly. A user privilege policy should be enforced, specifying what authenticated users are and are not allowed to do.

Weak Password Controls

Risk level: HIGH

Because passwords are one of the most important elements of Internet security, they must be protected and changed regularly. The first requirement is that a new password cannot be identical to any of the previous 13 passwords. A policy enforcing password complexity should also be implemented, with the minimum requirements of

• at least one nonalphanumeric character
• at least two numeric characters
• at least two uppercase letters
• at least two lowercase letters

Passwords Submitted Without Encryption

Risk level: HIGH

Since passwords are susceptible to theft, it should be ensured that they are protected in transit by encryption (TLS) and at rest by hashing, a one-way transformation from which the original password cannot be recovered.
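This added example (not the book's own code) serves both the Weak Password Controls and the Passwords Submitted Without Encryption passages: it enforces the excerpt's complexity rules and its 13-password history, and it does so while storing nothing but salted one-way hashes, so the history check never needs the old passwords in clear. The minimum length, the PBKDF2 work factor and the sample passwords are assumptions; the transit side (TLS) is not something an offline script can show.

```python
import hashlib
import hmac
import os

HISTORY_DEPTH = 13      # from the excerpt: no reuse of the previous 13 passwords
MIN_LENGTH = 12         # assumption: the excerpt states no minimum length
ITERATIONS = 100_000    # PBKDF2 work factor; tune upward for production


def complexity_errors(password):
    """Every rule of the excerpt's minimum policy that the password fails."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append(f"at least {MIN_LENGTH} characters")
    if not any(not c.isalnum() for c in password):
        errors.append("at least one nonalphanumeric character")
    if sum(c.isdigit() for c in password) < 2:
        errors.append("at least two numeric characters")
    if sum(c.isupper() for c in password) < 2:
        errors.append("at least two uppercase letters")
    if sum(c.islower() for c in password) < 2:
        errors.append("at least two lowercase letters")
    return errors


def hash_password(password, salt=None):
    """Salted one-way hash for storage. Only the salt and the digest are kept;
    the password cannot be recovered from them."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


class PasswordHistory:
    """Per-user store holding the current password and the `depth` before it,
    all as salted hashes, so reuse can be detected without keeping plaintext."""

    def __init__(self, depth=HISTORY_DEPTH):
        self.depth = depth
        self.records = []   # oldest first; the last entry is the current password

    def reused(self, password):
        return any(verify_password(password, r) for r in self.records)

    def change(self, new_password):
        """Apply the complexity and history rules. Returns the list of violations;
        empty on success, in which case the new hash has been stored."""
        errors = complexity_errors(new_password)
        if self.reused(new_password):
            errors.append(f"matches one of the previous {self.depth} passwords")
        if errors:
            return errors
        self.records.append(hash_password(new_password))
        # Keep the current password plus `depth` predecessors (assumed reading
        # of "cannot be identical to the previous 13 passwords").
        self.records = self.records[-(self.depth + 1):]
        return []


if __name__ == "__main__":
    history = PasswordHistory()
    for candidate in ("password", "Tr0ub4dor&3x", "AB12cd!efgh34", "AB12cd!efgh34"):
        print(f"{candidate!r}: {history.change(candidate) or 'accepted'}")
```

Each verification costs one PBKDF2 computation, so a history check against 13 records is 13 times the cost of a login; that is acceptable for a password change, which is rare, and it is the reason the history is kept short rather than unbounded.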

