Web application vulnerabilities are a common point of intrusion for cyber criminals. As cyber security threats proliferate and attacks escalate, and as applications play an increasingly critical role in business, organisations urgently need to focus on web application security to protect their customers, their interests and their assets.
Although awareness of the need for web application security is increasing, security levels are nowhere near enough: according to the 2015 Trustwave Global Security Report, 98% of tested web applications were vulnerable to attack.
SMEs in particular should be very concerned about web application security: many use common, off-the-shelf applications and plugins – such as Internet Explorer, Java, Silverlight, and Adobe Reader and Flash Player – which often contain exploitable vulnerabilities.
Application Security in the ISO 27001:2013 Environment explains how organisations can implement and maintain effective security practices to protect their web applications – and the servers on which they reside – as part of a wider information security management system by following the guidance set out in the international standard for information security management, ISO 27001.
The book describes the methods used by criminal hackers to attack organisations via their web applications and provides a detailed explanation of how you can combat such attacks by employing the guidance and controls set out in ISO 27001.
Vinod Vasudevan, CISSP, is the chief technology officer (CTO) at Paladion. Before co-founding Paladion, Vinod worked with Microsoft. He wrote the chapter ‘Application Security and ISO27001’.
Anoop Mangla is a risk specialist in banking and finance, and an expert on the effectiveness of security technologies in organisations’ security. He wrote the chapter ‘Introduction to Application Security Threats’.
Firosh Ummer, CISA, ISO27001 LA, CBCP, BS15000 LA, is co-founder of Paladion and head of the ISO 27001 consulting practice. Firosh wrote the chapter ‘Threat Profiling and Security Testing’.
Sachin Shetty, CISSP, is a senior application security engineer with Paladion. He wrote the chapter ‘Attacks on Applications’.
Sangita Pakala, GCIH, is Head of Application Security Projects at Paladion. She wrote the chapter ‘Secure Development Lifecycle’.
Siddharth Anbalahan is a senior application security engineer. He has developed anti-phishing toolkits to enable banks to detect phishing attacks in real time. Siddharth wrote the chapter ‘Secure Coding Guidelines’.
The activities of the cyber criminal are both deliberate and hostile, and they can be compared to military operations. Many people in business understand that the insights from the classics of military strategy are as relevant to modern commerce as they are to war.
It is clear that organisations need to develop a view of cybersecurity that goes beyond technology: all staff in the organisation have a role to play, and it is the senior managers who must ensure, like generals marshalling their forces, that all staff know the cyber security policies that explain what to do when under attack.
With this in mind, the authors have drawn on the work of Clausewitz and Sun Tzu, and applied it to the understanding of information security that they have built up through their extensive experience in the field. The result is expert guidance on information security, underpinned by a profound understanding of human conflict.
Building on the success of the first edition, this new edition covers the most recent developments in the threat landscape and the best-practice advice available in the latest version of ISO 27001:2013.
Dr Andrew Vladimirov is a security researcher. His fields of expertise include network security and applied cryptography, and he has extensive experience of performing information security assessments. He and his fellow authors are the founders of Arhont Ltd, a leading information security consultancy.
Konstantin Gavrilenko has over 15 years of experience in IT and security. As a researcher, information security is his speciality, and he has a particular interest in wireless security. He holds a BSc in management science from De Montfort University and an MSc in management from Lancaster University.
Andriej Michajlowski is an expert on network security. His research interests include user and device authentication mechanisms, and wireless networking security. He has extensive experience carrying out internal and external information security assessments. He is a graduate of the University of Kent at Canterbury and he holds an MBA.
Agile development methods offer greater flexibility than traditional methods. Their emphasis on incremental testing allows maximum adaptability, giving you the tools you need to meet your customers’ needs efficiently and cost-effectively.
This twelve-step guide will give you a clear understanding of the way Agile works. It can save you time and money by helping you to:
Discover how Agile can help you deliver the results your clients want, and improve your own job.
Elizabeth Scanlon Thomas is a member of the Nokia Agile Community and the London Agile Community. She works as a documentation manager at Nokia, having begun her career in advertising and marketing before moving into writing in IT.
Many books on cybersecurity focus on technical responses to the cybercriminal, the cyberactivist and the state-sponsored hacker. As important as this is, relatively inexperienced hackers can still break into systems that have not taken account of human fallibility and other known vulnerabilities.
This second edition analyses the changing threats in the cyber landscape, and includes an updated body of knowledge that describes how to acquire, develop, and sustain a secure information environment that goes beyond technology, and how to create a cyber-aware organisational culture that is more robust and better able to deal with a wider range of threats.
Created by Alan Calder, the Implementing IT Governance three-day training course delivers foundation training to raise awareness, build knowledge and develop a complete understanding of IT governance. Effective IT governance is acknowledged as the key to strategic IT management in all successful organisations. But with so many related standards and frameworks such as ISO 27001, COBIT® and ITIL® to choose from, how can managers govern effectively without spending excessive time and cost on rigid management processes?
By attending the Implementing IT Governance: Foundation & Principles training course, delegates will learn how to:
The course combines a high level of academic content with practical guidance on implementation. It also provides opportunities to link a growing understanding of IT governance best practice to each delegate’s corporate environment or circumstances.
This course is designed for individuals whose role requires them to have a broad understanding of IT Governance and a familiarity with the wide range of frameworks and standards which can be deployed in an integrated, business-focused IT Governance framework:
The exam is an online exam. You will need to bring a ‘pop-up enabled’ laptop/tablet to the venue. Full details on how to access the exam will be provided by email 1–2 days before sitting the exam.
Day 1: 9:00 am – 5:30 pm
Day 2: 9:00 am – 5:30 pm
Day 3: 9:00 am – 5:30 pm
This course is equivalent to 21 CPD/CPE points.
Delegates take the IBITGQ Implementing IT Governance: Foundation & Principles (CITGP) exam at the end of the course. There is no extra charge for this exam.
Implementing IT Governance: Foundation & Principles (CITGP)
This course is accredited by the International Board for IT Governance Qualifications (IBITGQ).
IBITGQ (International Board for IT Governance Qualifications) is a personnel certification body that certifies individuals in the field of IT governance.
IBITGQ is accredited to the ISO/IEC 17024:2012 standard (Conformity assessment – General requirements for bodies operating certification of persons) by IAS (International Accreditation Service). ISO 17024 is a global, industry-recognised benchmark, and qualifications accredited to this standard are recognised and highly valued by employers throughout the world.
You can demonstrate your professional and practical knowledge and expertise by registering your qualification on the IBITGQ/GASQ successful candidate register.
Yes, if you are unsuccessful on the first attempt you can retake the exam for an additional fee. You can email us to schedule the retest for the exam.
Although there are no formal entry requirements, an awareness of ISO38500, COBIT, ITIL, Risk or Project Management Frameworks and Standards would be useful.
There is no recommended reading for this course.