PART ONE The Internet, the World Wide Web, and the Need for Security
CHAPTER 1 The Internet and the World Wide Web
The Evolution of Computers and Computing
Virtualization and Cloud Computing
CHAPTER 2 Security Considerations for SOHO and Personal Systems
Vulnerabilities, Threats, and Risk
Human Vulnerabilities and Error
System and Application Updates Not Applied
Wireless Network Vulnerabilities
Threat and Risk Identification
Identification and Authentication Failures
Application Software and Data Integrity Issues
Insufficient Security Logging and Monitoring
CHAPTER 3 Security Considerations for Business
Secure Access for Remote Employees
PART TWO Secure Web-Enabled Application Deployment and Social Networking
CHAPTER 4 Mitigating Risk When Connecting to the Internet
The Threats and Risks on the Internet
Best Practices for Connecting to the Internet
CHAPTER 5 Mitigating Website Risks, Threats, and Vulnerabilities
Who Is Coming to Your Website?
Whom Do You Want to Come to Your Website?
Accepting User Input on Your Website
Vulnerable and Outdated Components
Identification and Authentication Failures
Software and Data Integrity Failures
Security Logging and Monitoring Failures
Server-Side Request Forgery (SSRF)
Additional Web Threats Not in the Top 10
Information Leakage and Improper Error Handling
Failure to Restrict URL Access
Mitigating Web Risks, Threats, and Vulnerabilities
CHAPTER 6 Web Application Security
Web Application Vulnerabilities
Web Application Security Areas
Improper File System Permissions
Insufficient Password Recovery
Insufficient Process Validation
Insufficient Session Expiration
Insufficient Transport Layer Protection
Best Practices for Mitigating Web Attacks
Best Practices for Mitigating Weaknesses
CHAPTER 7 How Web Applications Work and Building a Secure Foundation
Third-Party Apps Versus Third-Party Web Apps
Application Programming Interface (API)
Security Regulations, Standards, and Guidelines
Internet and Web Laws and Regulations
Specific Information Security Standards
Payment Card Industry Data Security Standard
Mitigating Risk in Web Applications
Guidelines and Standards for Securing Web Applications
Security Actions to Protect Websites
Protect Your System with Firewalls
Configure Passwords and Settings
Encrypt Transmission of Data Across Open, Public Networks
Use and Regularly Update Antivirus Software
Regularly Update and Patch Systems
Restrict Physical Access to Workplace and Data
Implement Logging and Log Management
Conduct Vulnerability Scans and Penetration Tests
Documentation and Risk Assessments
CHAPTER 8 Developing Secure Websites and Web Applications
Accepting User Input into a Website
Common Gateway Interface Script
Secure Application Development
Layered Security Strategies for Websites and Web Applications
Incorporating Security Requirements Within the SDLC
Acceptance and Deployment Stage
Using Secure and Unsecure Protocols
How Secure Sockets Layer Works
SSL/TLS Encryption and Hash Protocols
Selecting an Appropriate Access Control Solution
Best Practices for Securing Web Applications
CHAPTER 9 Mitigating Web Application Vulnerabilities
Causes of Web Application Vulnerabilities
Nonsecure Code in Software Applications
Developing Policies to Mitigate Vulnerabilities
Implementing Secure Coding Best Practices
Incorporating HTML Secure Coding Standards and Techniques
Incorporating JavaScript Secure Coding Standards and Techniques
Incorporating CGI Form and SQL Database Access Secure Coding Standards and Techniques
Implementing SCM and Revision-Level Tracking
Best Practices for Mitigating Web Application Vulnerabilities
CHAPTER 10 Performing a Website Vulnerability and Security Assessment
Software Testing Versus Website Vulnerability and Security Assessments
Performing an Initial Discovery on the Targeted Website
Nessus Vulnerability and Port Scan
Performing a Vulnerability and Security Assessment
Incorporate PCI DSS for E-Commerce Websites
Using Planned Attacks to Identify Vulnerabilities
Vulnerabilities in Back-End Systems and Structured Query Language (SQL) Databases
Perform an SQL Injection for Data Extraction
Preparing a Vulnerability and Security Assessment Report
Best Practices for Website Vulnerability and Security Assessments
CHAPTER 11 Maintaining Compliance for E-Commerce Websites
Compliance Issues for Websites
General Data Protection Regulation (GDPR)
California Privacy Rights Act (CPRA)
Other Laws Affecting Websites and Data Privacy
Revised Payment Services Directive (PSD2)
CHAPTER 12 Testing and Quality Assurance for Websites
Development and Production Software Environments
Software Development Methodologies
Software Development Life Cycle
Agile Software Development Methodology
Other Agile Development Methodologies
Joint Application Development (JAD)
Mitigating Website Security Flaws
Releasing a Website to the World
PART THREE Web Applications and Social Networking Gone Mobile
CHAPTER 13 Securing Mobile Communications
Cellular Networks and How They Work
Wireless Endpoint Communication
Endpoint Device Risks, Threats, and Vulnerabilities
Securing Endpoint Device Communication
Technological Security of Devices
CHAPTER 14 Securing Personal and Business Communications
Privacy and Security in Communication
Communication Privacy and Security
Store-and-Forward Communication
Threats to Personal and Business Communications
Messaging on Social Networking Sites
Short Message Service Text Messaging
Multimedia Messaging Service Messaging
Securing Telephone and Private Branch Exchange Communications
Securing Unified Communications
CHAPTER 15 Security Training, Education, and Certification
Security and Careers—Database Administration
Database Administrator Versus Database Designer
Database Security Training and Certification
Security and Careers—Application Development
Programming Training and Certification
Security and Careers—Network Management
Common Network Administration Tasks
Network Administration Training and Certification
Reviewing Security Information
Security and Careers—Web Design and Administration
Daily Tasks for Web Developers