Download PDF by Ron Lepofsky: The Manager’s Guide to Web Application Security A Concise
By Ron Lepofsky
The Manager's Guide to Web Application Security is a concise, information-packed guide to the application security risks every organization faces, written in plain language, with guidance on how to deal with these issues quickly and effectively. Security vulnerabilities are often hard to understand and quantify because they are the result of intricate programming deficiencies and highly technical issues. Author and noted expert Ron Lepofsky breaks down the technical barrier, identifies many real-world examples of security vulnerabilities commonly found by IT security auditors, translates them into business risks with identifiable consequences, and provides practical guidance on mitigating them.
The Manager's Guide to Web Application Security describes how to fix and prevent these vulnerabilities in easy-to-understand discussions of vulnerability classes and their remediation. For easy reference, the information is also presented schematically in Excel spreadsheets available to readers as a free download from the publisher's digital annex. The book is current, concise, and to the point, so that managers can cut through the technical jargon and make the business decisions required to find, fix, and prevent serious vulnerabilities.
Extra info for The Manager’s Guide to Web Application Security A Concise Guide to the Weaker Side of the Web
In this case, there are two sets of victims: the compromised web site and the visitors to the compromised web site. The order of the attack sequence is:
1. The attacker inserts malicious code into a web application.
2. The victim, who is a client of the web site, requests a page from the web site.
3. The compromised web site unwittingly sends the malicious code to its client's browser.
4. The compromised client's browser sends confidential information back to the attacker's server.
Chapter 3: Web Application Vulnerabilities and the Damage They Can Cause
Cross-Site Request Forgery Attack
Risk level: HIGH
Cross-site request forgery (CSRF) is yet another vulnerability caused by insufficient filtering of data input into a web application.
In reality, a competent hacker may be able to leverage the information while preparing an attack. A malicious party may intentionally submit abnormal data in order to force error messages. An attacker could use generic error messages such as "Username incorrect" and "Password incorrect" or hidden files and directories to plan an attack.
Cross-Site Scripting Attacks
Risk level: HIGH
Cross-site scripting (XSS) attacks receive a lot of news coverage, principally because of the dramatic increase in the use of scripting languages.
Web Directories Enumerated
Risk level: LOW
This unauthorized view is specifically related to web directories and involves confidential information pertaining to names of directories and their subdirectories being made available to users. This information, in the hands of a malicious person, can be used to plan an attack. It is often the case when we do vulnerability scans of external IP addresses that we are able to enumerate several web directories. An attacker would most likely focus on these directories (especially the ones with names that reveal the function of objects within each directory) and try to fine-tune an attack accordingly.