+612 9045 4394
Web Security, Privacy & Commerce 2e : OREILLY - Simson Garfinkel

Web Security, Privacy & Commerce 2e


Paperback Published: 26th November 2001
ISBN: 9780596000455
Number Of Pages: 790

Share This Book:


RRP $80.00
Ships in 15 business days

Since the first edition of this classic reference was published, World Wide Web use has exploded and e-commerce has become a daily part of business and personal life. As Web use has grown, so have the threats to our security and privacy--from credit card fraud to routine invasions of privacy by marketers to web site defacements to attacks that shut down popular web sites.

"Web Security, Privacy & Commerce" goes behind the headlines, examines the major security risks facing us today, and explains how we can minimize them. It describes risks for Windows and Unix, Microsoft Internet Explorer and Netscape Navigator, and a wide range of current programs and products. In vast detail, the book covers: Web technology--The technological underpinnings of the modern Internet and the cryptographic foundations of e-commerce are discussed, along with SSL (the Secure Sockets Layer), the significance of the PKI (Public Key Infrastructure), and digital identification, including passwords, digital signatures, and biometrics. Web privacy and security for users--Learn the real risks to user privacy, including cookies, log files, identity theft, spam, web logs, and web bugs, and the most common risk, users' own willingness to provide e-commerce sites with personal information. Hostile mobile code in plug-ins, ActiveX controls, Java applets, and JavaScript, Flash, and Shockwave programs are also covered. Web server security--Administrators and service providers discover how to secure their systems and web services. Topics include CGI, PHP, SSL certificates, law enforcement issues, and more. Web content security--Zero in on web publishing issues for content providers, including intellectual property, copyright and trademark issues, P3P and privacy policies, digital payments, client-side digital signatures, code signing, pornography filtering and PICS, and other controls on web content.

Nearly double the size of the first edition, this completely updated volume is destined to be the definitive reference on Web security risks and the techniques and technologies you can use to protect your privacy, your organization, your system, and your network.

Prefacep. xi
Web Technology
The Web Security Landscapep. 3
The Web Security Problemp. 3
Risk Analysis and Best Practicesp. 10
The Architecture of the World Wide Webp. 13
History and Terminologyp. 13
A Packet's Tour of the Webp. 20
Who Owns the Internet?p. 33
Cryptography Basicsp. 46
Understanding Cryptographyp. 46
Symmetric Key Algorithmsp. 53
Public Key Algorithmsp. 65
Message Digest Functionsp. 71
Cryptography and the Webp. 78
Cryptography and Web Securityp. 78
Working Cryptographic Systems and Protocolsp. 81
What Cryptography Can't Dop. 88
Legal Restrictions on Cryptographyp. 90
Understanding SSL and TLSp. 107
What Is SSL?p. 107
SSL: The User's Point of Viewp. 115
Digital Identification I: Passwords, Biometrics, and Digital Signaturesp. 119
Physical Identificationp. 119
Using Public Keys for Identificationp. 130
Real-World Public Key Examplesp. 140
Digital Identification II: Digital Certificates, CAs, and PKIp. 153
Understanding Digital Certificates with PGPp. 153
Certification Authorities: Third-Party Registrarsp. 160
Public Key Infrastructurep. 174
Open Policy Issuesp. 187
Privacy and Security for Users
The Web's War on Your Privacyp. 203
Understanding Privacyp. 204
User-Provided Informationp. 207
Log Filesp. 210
Understanding Cookiesp. 216
Web Bugsp. 225
Conclusionp. 229
Privacy-Protecting Techniquesp. 230
Choosing a Good Service Providerp. 230
Picking a Great Passwordp. 231
Cleaning Up After Yourselfp. 242
Avoiding Spam and Junk Emailp. 252
Identity Theftp. 256
Privacy-Protecting Technologiesp. 262
Blocking Ads and Crushing Cookiesp. 262
Anonymous Browsingp. 268
Secure Emailp. 275
Backups and Antitheftp. 284
Using Backups to Protect Your Datap. 284
Preventing Theftp. 295
Mobile Code I: Plug-Ins, ActiveX, and Visual Basicp. 298
When Good Browsers Go Badp. 299
Helper Applications and Plug-insp. 304
Microsoft's ActiveXp. 308
The Risks of Downloaded Codep. 318
Conclusionp. 326
Mobile Code II: Java, JavaScript, Flash, and Shockwavep. 327
Javap. 327
JavaScriptp. 346
Flash and Shockwavep. 358
Conclusionp. 359
Web Server Security
Physical Security for Serversp. 363
Planning for the Forgotten Threatsp. 363
Protecting Computer Hardwarep. 366
Protecting Your Datap. 381
Personnelp. 392
Story: A Failed Site Inspectionp. 392
Host Security for Serversp. 396
Current Host Security Problemsp. 397
Securing the Host Computerp. 405
Minimizing Risk by Minimizing Servicesp. 411
Operating Securelyp. 413
Secure Remote Access and Content Updatingp. 423
Firewalls and the Webp. 431
Conclusionp. 433
Securing Web Applicationsp. 435
A Legacy of Extensibility and Riskp. 435
Rules to Code Byp. 443
Securely Using Fields, Hidden Fields, and Cookiesp. 448
Rules for Programming Languagesp. 454
Using PHP Securelyp. 457
Writing Scripts That Run with Additional Privilegesp. 467
Connecting to Databasesp. 468
Conclusionp. 471
Deploying SSL Server Certificatesp. 472
Planning for Your SSL Serverp. 472
Creating SSL Servers with FreeBSDp. 477
Installing an SSL Certificate on Microsoft IISp. 501
Obtaining a Certificate from a Commercial CAp. 503
When Things Go Wrongp. 506
Securing Your Web Servicep. 510
Protecting Via Redundancyp. 510
Protecting Your DNSp. 514
Protecting Your Domain Registrationp. 515
Computer Crimep. 517
Your Legal Options After a Break-Inp. 517
Criminal Hazardsp. 523
Criminal Subject Matterp. 526
Security for Content Providers
Controlling Access to Your Web Contentp. 533
Access Control Strategiesp. 533
Controlling Access with Apachep. 538
Controlling Access with Microsoft IISp. 545
Client-Side Digital Certificatesp. 550
Client Certificatesp. 550
A Tour of the VeriSign Digital ID Centerp. 553
Code Signing and Microsoft's Authenticodep. 560
Why Code Signing?p. 560
Microsoft's Authenticode Technologyp. 564
Obtaining a Software Publishing Certificatep. 577
Other Code Signing Methodsp. 577
Pornography, Filtering Software, and Censorshipp. 579
Pornography Filteringp. 579
PICSp. 582
RSACip. 589
Conclusionp. 591
Privacy Policies, Legislation, and P3Pp. 592
Policies That Protect Privacy and Privacy Policiesp. 592
Children's Online Privacy Protection Actp. 601
P3Pp. 606
Conclusionp. 609
Digital Paymentsp. 610
Charga-Plates, Diners Club, and Credit Cardsp. 610
Internet-Based Payment Systemsp. 620
How to Evaluate a Credit Card Payment Systemp. 640
Intellectual Property and Actionable Contentp. 642
Copyrightp. 642
Patentsp. 645
Trademarksp. 646
Actionable Contentp. 650
Lessons from Vineyard.NETp. 655
The SSL/TLS Protocolp. 688
P3P: The Platform for Privacy Preferences Projectp. 699
The PICS Specificationp. 708
Referencesp. 716
Indexp. 735
Table of Contents provided by Syndetics. All Rights Reserved.

ISBN: 9780596000455
ISBN-10: 0596000456
Audience: Professional
Format: Paperback
Language: English
Number Of Pages: 790
Published: 26th November 2001
Publisher: John Wiley & Sons Publishers
Country of Publication: US
Dimensions (cm): 23.3 x 18.1  x 3.84
Weight (kg): 1.3
Edition Number: 2
Edition Type: Revised