Today more and more people are transacting business, conducting research, storing information, collaborating with co-workers, publishing personal thoughts and fostering relationships using web applications. Because the bulk of processing occurs on servers accessed through remote web sites, a vulnerability in a web application could give an attacker control over the application and access to the server, database and other back-end resources. As a result, unfortunately, web applications are an attractive target for hackers, and web application vulnerabilities are now among the most prevalent of all server vulnerability disclosures. The new “WAS for Dummies” book provides information on how to scan for vulnerabilities to proactively keep data in web applications secure.
“WAS for Dummies” outlines the process in five parts:
* Why Web Security Matters, providing a primer on the importance of web application security.
* Establishing a Web Application Security Program, presenting a framework of actions you can take to find and fix vulnerabilities in custom web applications.
* Using Automated Scanning to Test Web Applications. This section provides a guide to choosing and using a scanner to automatically find and prioritize web application vulnerabilities.
* Introducing QualysGuard WAS, describing the ease and simplicity of using a popular web application scanner from Qualys.
* Ten Tips for Securing Web Applications. This last section provides a short list of steps to ensure stronger security for custom web applications.
“WAS for Dummies” is Qualys’ fourth book in John Wiley & Sons’ for Dummies publications. To learn more about these publications or to download free copies, visit:
* WAS for Dummies: http://www.qualys.com/wasfordummies
* IT Policy Compliance for Dummies: http://www.qualys.com/itpcfordummies
* PCI Compliance for Dummies: http://www.qualys.com/pcifordummies
* Vulnerability Management for Dummies: http://www.qualys.com/dummies
About the Author
Mike Shema, security research engineer at Qualys, is the co-author of Hacking Exposed: Web Applications, The Anti-Hacker Toolkit, and the author of Hack Notes: Web Application Security. He has extensive experience with information security, especially in the realm of web application security. He is currently developing tools that automate the web application audit process. His prior experience includes research and development at NT Objectives, Inc. and information security consulting at Foundstone and Booz Allen Hamilton.
He has taught at the Black Hat conferences in Las Vegas, Singapore, and Amsterdam, and continues to speak regularly at premier industry conferences and events around the world. He holds B.S. degrees in Electrical Engineering and French from Penn State University.
Qualys, Inc. is the leading provider of on-demand IT security risk and compliance management solutions – delivered as a service. Qualys’ Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.
The QualysGuard service is used today by more than 5,000 organizations in 85 countries, including 47 of the Fortune Global 100, and performs more than 500 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company, and has been recognized by leading industry analysts for its market leadership.
Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS. Qualys is a founding member of the Cloud Security Alliance (CSA).
For more information, please visit www.qualys.com.