World Headquarters
Jones & Bartlett Learning
25 Mall Road
Burlington, MA 01803
978-443-5000
www.jblearning.com
Jones & Bartlett Learning books and products are available through most bookstores and online booksellers. To contact Jones & Bartlett Learning directly, call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com.
Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to .
Copyright 2024 by Jones & Bartlett Learning, LLC, an Ascend Learning Company
All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner.
The content, statements, views, and opinions herein are the sole expression of the respective authors and not that of Jones & Bartlett Learning, LLC. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not constitute or imply its endorsement or recommendation by Jones & Bartlett Learning, LLC and such reference shall not be used for advertising or product endorsement purposes. All trademarks displayed are the trademarks of the parties noted herein. Internet and Web Application Security, Third Edition is an independent publication and has not been authorized, sponsored, or otherwise approved by the owners of the trademarks or service marks referenced in this product.
There may be images in this book that feature models; these models do not necessarily endorse, represent, or participate in the activities represented in the images. Any screenshots in this product are for educational and instructive purposes only. Any individuals and scenarios featured in the case studies throughout this product may be real or fictitious but are used for instructional purposes only.
Production Credits
Vice President, Product Management: Marisa R. Urbano
Vice President, Content Strategy and Implementation: Christine Emerton
Director, Content Management: Donna Gridley
Manager, Content Strategy: Carolyn Pershouse
Director, Product Management: Ray Chew
Content Strategist: Melissa Duffy
Content Coordinator: Mark Restuccia
Development Editor: Ginny Munroe
Director, Project Management and Content Services: Karen Scott
Manager, Project Management: Jackie Reynen
Project Manager: Madelene Nieman
Senior Digital Project Specialist: Angela Dooley
Marketing Manager: Mark Adamiak
Content Services Manager: Colleen Lamy
Vice President, Manufacturing and Inventory Control: Therese Connell
Product Fulfillment Manager: Wendy Kilborn
Composition and Project Management: Straive
Cover and Text Design: Briana Yates
Media Development Editor: Faith Brosnan
Rights & Permissions Manager: John Rusk
Rights Specialist: James Fortney
Cover Image (Title Page, Part Opener, Chapter Opener): Elena Kichigina/Shutterstock
Printing and Binding: McNaughton & Gunn
Library of Congress Cataloging-in-Publication Data
Names: Harwood, Mike, author. | Price, Ron (Computer programmer), author.
Title: Internet and web application security / Mike Harwood, Ron Price.
Other titles: Security strategies in Web applications and social networking
Description: Third edition. | Burlington, MA : Jones & Bartlett Learning, [2024] | Revised edition of: Security strategies in Web applications and social networking. | Includes bibliographical references and index.
Identifiers: LCCN 2022038271 | ISBN 9781284206166 (paperback)
Subjects: LCSH: Online social networks--Security measures. | Application software--Security measures. | Internet--Security measures. | World Wide Web--Security measures.
Classification: LCC HM742 .H38 2024 | DDC 302.30285--dc23/eng/20220822
LC record available at https://lccn.loc.gov/2022038271
Printed in the United States of America
26 25 24 23 22 10 9 8 7 6 5 4 3 2 1
Preface
Purpose of This Book
This book is part of the Information Systems Security & Assurance Series from Jones & Bartlett Learning (www.jblearning.com). Designed for courses and curriculums in IT security, cybersecurity, information assurance, and information systems security, this series features a comprehensive, consistent treatment of the most current thinking and trends in this critical subject area. These titles deliver fundamental information-security principles packed with real-world applications and examples. Authored by professionals experienced in information systems security, they deliver comprehensive information on all aspects of information security. Reviewed word for word by leading technical experts in the field, these books are not just current, but forward-thinking, putting you in the position to solve the cybersecurity challenges not just of today, but of tomorrow as well.
The first part of this book examines the evolutionary changes that have occurred in computer technology, in personal and business communications, and in social interaction and networking on the internet and World Wide Web. It also covers relevant security considerations for small businesses and personal users.
The second part reviews the risks, threats, and vulnerabilities associated with web applications and websites, especially those, like social networking sites, that allow perpetrators to plant malicious code and malware with widespread global impact. It explores the best practices for applying security to the development, deployment, and maintenance of a website and its applications and services in order to prevent, mitigate, and avoid these threats. Common sense and best practices for online privacy and securing your privacy data are presented, providing you with countermeasures to protect your privacy and privacy data.
The third part presents the next and greatest business challenge: securing the mobile user. With web applications and social networking now being accessed remotely and from mobile wireless connected devices, these devices are at risk. This part of the book explores mobile communications security, given the rapid use of 4G and 5G wireless networking for mobile communication. You also learn about VoIP- and SIP-enabled applications, such as unified communications, and how they provide real-time communications for both personal and business use. Finally, web-security organizations, standards organizations, and education, training, and certification organizations are presented to provide you with additional resources and planning strategies for a career in secure web application design and development.