book

Foundations of Information Security

by Jason Andress

October 2019

Beginner

248 pages

7h 7m

English

No Starch Press

Read now

Unlock full access

Who Should Read This Book?About This Book
Defining Information SecurityWhen Are You Secure?Models for Discussing Security IssuesAttacksDefense in DepthSummaryExercises

IdentificationAuthenticationCommon Identification and Authentication MethodsSummaryExercises
What Are Access Controls?Implementing Access ControlsAccess Control ModelsPhysical Access ControlsSummaryExercises
AccountabilitySecurity Benefits of AccountabilityAuditingSummaryExercises
The History of CryptographyModern Cryptographic ToolsProtecting Data at Rest, in Motion, and in UseSummaryExercises
What Is Compliance?Achieving Compliance with ControlsMaintaining ComplianceLaws and Information SecurityAdopting Frameworks for ComplianceCompliance amid Technological ChangesSummaryExercises
The Operations Security ProcessLaws of Operations SecurityOperations Security in Our Personal LivesOrigins of Operations SecuritySummaryExercises
Gathering Information for Social Engineering AttacksTypes of Social Engineering AttacksBuilding Security Awareness with Security Training ProgramsSummaryExercises
Identifying Physical ThreatsPhysical Security ControlsProtecting PeopleProtecting DataProtecting EquipmentSummaryExercises
Protecting NetworksProtecting Network TrafficNetwork Security ToolsSummaryExercises
Operating System HardeningProtecting Against MalwareOperating System Security ToolsSummaryExercises
Mobile SecurityEmbedded SecurityInternet of Things SecuritySummaryExercises
Software Development VulnerabilitiesWeb SecurityDatabase SecurityApplication Security ToolsSummaryExercises
Vulnerability AssessmentPenetration TestingDoes This Really Mean You’re Secure?SummaryExercises

Content preview from Foundations of Information Security

13APPLICATION SECURITY

In Chapters 10 and 11, I discussed the importance of keeping your networks and operating systems secure. Part of keeping attackers from interacting with your networks and subverting your operating system security is ensuring the security of your applications.

In December 2013, the Target Corporation, a retailer operating more than 1,800 stores throughout the United States, reported a breach of customer data that included 40 million customer names, card numbers, card expiration dates, and card security codes.¹ A month later, Target announced that an additional 70 million customers had had their personal data breached.²