The Manager's Guide to Web Application Security

A Concise Guide to the Weaker Side of the Web

By Ron Lepofsky

The Manager's Guide to Web Application Security empowers quick decision making on security vulnerabilities by providing a clear understanding of risks and practical advice on how to deal with them. The book is built around a comprehensive set of tables of vulnerabilities, remediations, risk, and vulnerability categories, which are translated to a dynamic spreadsheet on the publisher's companion site.

  • ISBN13: 978-1-484201-49-7
  • 200 Pages
  • User Level: Intermediate to Advanced
  • Publishing December 5, 2014, but available now as part of the Alpha Program
  • Available eBook Formats: PDF
  • Print Book Price: $79.99
  • eBook Price: $55.99

Full Description

The Manager's Guide to Web Application Security is a concise, information packed guide to application security risks every organization faces, written in plain language, with guidance on how to deal with those issues quickly and effectively. Often, security vulnerabilities are difficult to understand and quantify because they are the result of intricate programming deficiencies and highly technical issues. Author and noted industry expert Ron Lepofsky breaks down the technical barrier and identifies many real life examples of security vulnerabilities commonly found by IT security auditors, translates them into business risks with identifiable consequences, and provides practical guidance about mitigating them.

The book describes how to fix and prevent these vulnerabilities in a chart format. The book is current, concise, and to the point and helps separate technical jargon from the decisions required to find, fix, and prevent serious vulnerabilities.

  • Identifies in crystal clear chart form current vulnerabilities, how to fix them, and their risk.
  • Explains how to prevent vulnerabilities from occurring in the first place.
  • Glossary translates technical jargon into real-world business impacts and explains the relevance.

What you’ll learn

  • Executives – quickly comprehend what the application security team is saying in terms of risk and remediation.
  • Security experts – understand how to express threats in terms of business risk to executives.
  • Immediately see what vulnerabilities are currently relevant, by vulnerability class and by risk.
  • Decide what type of security audit is required for your environment, since there are several choices.
  • Start the planning and budgeting process for preventing future vulnerabilities.
  • Get a half-hour consultation from the author at a significantly discounted rate of $30 (normally $250), as a purchaser of the book.

Who this book is for

The Manager's Guide to Web Application Security is written for senior executives who have to make business decisions about managing the risk of web applications.

Table of Contents

1. Understanding IT Security Risks

2. Types of Web Application Security Audits

3. Web Application Vulnerabilities and the Damage They Can Cause

4. Web Application Vulnerabilities and Their Remediation

5. Summary of Vulnerability Classes and Remediation Table

6. How to Prevent Web Application Vulnerabilities

7. How to Manage Application Security Written by Third Parties

8. Integrating Compliance with Web Application Security

9. How to Create a Business Case Cost Justifying Web Application Security

10. Parting Thoughts


A. COBIT5 IT Security

B. Experian EI3PA Security Audit Standard

C. ISO 17799:2005 and ISO / IEC 27000 Series

D. NERC CIP North American Energy Council Security Standard for Critical Infrastructure Protection (CIP)

E. NIST 800 Guidelines

F. PCI DSS by PCI Standards Organization

G. Sarbanes-Oxley Security Requirements

H. Sources of Information


No errata are currently published