Testing and Securing Web Applications
Provisional Chinese title: 測試與保護網頁應用程式

Das, Ravi, Johnson, Greg

  • Publisher: Auerbach Publication
  • Publication date: 2020-08-04
  • List price: $5,810
  • VIP price: $5,520 (9.5 折, i.e. 95% of list price)
  • Language: English
  • Pages: 208
  • Binding: Hardcover - also called cloth, retail trade, or trade
  • ISBN: 0367532719
  • ISBN-13: 9780367532710
  • Imported title, ordered from overseas (checked out separately)

Product description

Web applications occupy a large space within the IT infrastructure of a business or corporation. They don't just touch a front end or a back end; today's web apps reach just about every corner of it. Today's web apps have become complex, which has made them a prime target for sophisticated cyberattacks. As a result, web apps must be tested for security from the inside out before they can be deployed and launched to the public for business transactions to occur.

The primary objective of this book is to address those specific areas that require testing before a web app can be considered to be completely secure. The book specifically examines five key areas:

  • Network security: This encompasses the various network components involved in getting the end user to the particular web app, from the server where it is stored to the endpoint it is transmitted to, whether that is a physical computer or a wireless device (such as a smartphone).
  • Cryptography: This area covers not only securing the lines of network communication between the server where the web app is stored and the client from which it is accessed, but also ensuring that all personally identifiable information (PII) at rest remains in ciphertext and that its integrity remains intact while in transmission.
  • Penetration testing: This involves breaking a web app apart from the external environment inward, in order to discover all weaknesses and vulnerabilities and make sure they are patched before the web app is launched into production.
  • Threat hunting: This uses both skilled analysts and tools on the web app and its supporting infrastructure to continuously monitor the environment and find all security holes and gaps.
  • The Dark Web: This is the part of the Internet that is not openly visible to the public. As its name implies, this is the "sinister" part of the Internet, and in fact it is where much of the PII hijacked in a web app cyberattack is sold to other cyberattackers in order to launch more covert and damaging threats against a potential victim.

Testing and Securing Web Applications breaks down the complexity of web application security testing so this critical part of IT and corporate infrastructure remains safe and in operation.

About the authors

Ravi Das is a Business Development Specialist for The AST Cybersecurity Group, Inc., a leading cybersecurity content firm located in the Greater Chicago area. Ravi holds a Master of Science degree in Agribusiness Economics (thesis in International Trade) and a Master of Business Administration in Management Information Systems. He has authored five books, with two forthcoming ones on artificial intelligence in cybersecurity, and on cybersecurity risk and its impact on cybersecurity insurance policies.

Greg Johnson is the CEO of the penetration testing company Webcheck Security. Greg started Webcheck Security after serving on several executive teams and a long sales and management career with technology companies such as WordPerfect/Novell, SecurityMetrics, A-LIGN, and Secuvant Security. A Brigham Young University graduate, Greg began his career in the days of 64K, 5.25" floppy drives and the Mac 128K. As the industry evolved, Greg moved into the cyber arena and provided his clients with solutions surrounding compliance, digital forensics, data breach and response, and in 2016 earned the PCI Professional (PCIP) designation. In several business development roles, Greg consulted, guided and educated clients in compliance guidelines and certifications for standards including PCI, HIPAA, ISO 27001, NIST, SOC 1 and SOC 2, GDPR/CCPA, and FedRAMP.

When he is not providing cyber solutions for his clients, he can be found spending time with his wife Kelly, playing with his grandchildren, or rehearsing or performing with the world-renowned Tabernacle Choir on Temple Square.
