3 Minute Book Review: Testing and Securing Web Applications

Testing and Securing Web Applications

By Greg Johnson, CEO of Webcheck Security

Cybersecurity is a multi-faceted pie with multiple pieces, independent yet connected. Each piece of the pie, whether dealing with policy, business continuity, anomalous alerts or signatures, is a critical component. Similarly, each piece of the critical pie becomes important as it relates to web applications.

We all use them – web applications – from QuickBooks to Microsoft Office or Google Suite, from banking apps and information portals to Salesforce and Qualtrics; each application is supported by the critical pieces of the pie.

Testing and Securing Web Applications is a book touching not just on the web application itself, but the whole cloud infrastructure that supports it. Indeed, it is a book about cybersecurity in general. The book is laid out in the following manner:

Chapter 1. Network Security
Chapter 2. Cryptography
Chapter 3. Penetration Testing
Chapter 4. Threat Hunting
Chapter 5. Conclusion

From network protocols and infrastructure to the cryptography algorithms protecting data in transmission or storage, the base of the web application’s infrastructure is explored.

Next, the key elements of penetration testing – or benevolent hacking – are explored in detail. Tools and technologies, methods, and even a step-by-step test process are described. The “art” of pen testing is examined with its many components – not the least of which is skill at writing and documenting findings in a way that is helpful to developers.

Finally, hunting for threats by experienced analysts is explored in the context of a Security Operations Center, or SOC. A SOC is a combination of technology and expert analysts. Such analysts are the professionals who find needles in a haystack, but these are needles that can compromise the system and lead to a data breach.

Testing and Securing Web Applications is written for both layman and practitioner, and could serve as a course text. Chapter beginnings lay out and define concepts, and deeper descriptions await those wanting to learn. The inexperienced can choose to read chapter beginnings and paragraph introductions. The practitioner or those wishing to delve deeper can digest it all.

About the Author(s)

Ravi Das is a Business Development Specialist for The AST Cybersecurity Group, Inc., a leading cybersecurity content firm located in the Greater Chicago area. Ravi holds a Master of Science degree in Agribusiness Economics (thesis in International Trade) and a Master of Business Administration in Management Information Systems. He has authored five books, with two forthcoming ones on artificial intelligence in cybersecurity, and cybersecurity risk and its impact on cybersecurity insurance policies.

Greg Johnson is the CEO of the penetration test company, Webcheck Security. Greg started Webcheck Security after serving on several executive teams and a long sales and management career with technology companies such as WordPerfect/Novell, SecurityMetrics, A-LIGN, and Secuvant Security. A Brigham Young University graduate, Greg began his career in the days of 64k, 5.25" floppy drives and Mac 128k’s. As the industry evolved, Greg moved into the cyber arena and provided his clients with solutions surrounding compliance, digital forensics, data breach and response, and in 2016 earned the PCI Professional (PCIP) designation. In several business development roles, Greg consulted, guided and educated clients in compliance guidelines and certifications for standards including PCI, HIPAA, ISO 27001, NIST, SOC 1 and SOC 2, GDPR/CCPA, and FedRAMP.

When he is not providing cyber solutions for his clients, he can be found spending time with his wife Kelly, playing with his grandchildren, and rehearsing or performing with the world-renowned Tabernacle Choir on Temple Square.



