Web Security & Commerce

Risks, Technologies, and Strategies

Simson Garfinkel, Gene Spafford

Publisher: O'Reilly, 1997, 483 pages

ISBN: 1-56592-269-7

Keywords: IT Security, Networks, Web Programming

Last modified: May 28, 2021, 3:56 p.m.

Attacks on government Web sites, break-ins at Internet service providers, electronic credit card fraud, invasion of personal privacy by merchants as well as hackers — is this what the World Wide Web is really all about?

Web Security & Commerce cuts through the hype and the front page stories. It tells you what the real risks are and explains how you can minimize them. Whether you're a casual (but concerned) Web surfer or a system administrator responsible for the security of a critical Web server, this book will tell you what you need to know. Entertaining as well as illuminating, it looks behind the headlines at the technologies, risks, and benefits of the Web. Whatever browser or server you are using, you and your system will benefit from this book. Topics include:

  • User safety — browser vulnerabilities (with an emphasis on Netscape Navigator and Microsoft Internet Explorer), privacy concerns, issues with Java, JavaScript, ActiveX, and plug-ins.
  • Digital certificates — what they are, how they assure identity in a networked environment, how certification authorities and server certificates work, and what code signing is all about.
  • Cryptography — an overview of how encryption works on the Internet and how different algorithms and programs are being used today.
  • Web server security — detailed technical information about SSL (Secure Socket Layer), TLS (Transport Layer Security), host security, server access methods, and secure CGI/API programming.
  • Commerce and society — how digital payments work, what blocking software and censorship technology (e.g., PICS and RSACi) is about, and what civil and criminal issues you need to understand.
  1. Introduction
    1. The Web Security Landscape
      • Web Security in a Nutshell
      • The Web Security Problem
      • Credit Cards, Encryption, and the Web
      • Firewalls: Part of the Solution
      • Risk Management
  2. User Safety
    1. The Buggy Browser: Evolution of Risk
      • Browser History
      • Data-Driven Attacks
      • Implementation Flaws: A Litany of Bugs
    2. Java and JavaScript
      • Java
      • JavaScript
      • Denial-of-Service Attacks
      • JavaScript-Enabled Spoofing Attacks
      • Conclusion
    3. Downloading Machine Code with ActiveX and Plug-Ins
      • When Good Browsers Go Bad
      • Netscape Plug-Ins
      • ActiveX and Authenticode
      • The Risks of Downloaded Code
      • Is Authenticode a Solution?
      • Improving the Security of Downloaded Code
    4. Privacy
      • Log Files
      • Cookies
      • Personally Identifiable Information
      • Anonymizers
      • Unanticipated Disclosure
  3. Digital Certificates
    1. Digital Identification Techniques
      • Identification
      • Public Key Infrastructure
      • Problems Building a Public Key Infrastructure
      • Ten Policy Questions
    2. Certification Authorities and Server Certificates
      • Certificates Today
      • Certification Authority Certificates
      • Server Certificates
      • Conclusion
    3. Client-Side Digital Certificates
      • Client Certificates
      • A Tour of the VeriSign Digital ID Center
    4. Code Signing and Microsoft's Authenticode
      • Why Code Signing?
      • Microsoft's Authenticode Technology
      • Obtaining a Software Publisher's Certificate
      • Other Code Signing Methods
  4. Cryptography
    1. Cryptography Basics
      • Understanding Cryptography
      • Symmetric Key Algorithms
      • Public Key Algorithms
      • Message Digest Functions
      • Public Key Infrastructure
    2. Cryptography and the Web
      • Cryptography and Web Security
      • Today's Working Encryption Systems
      • U.S. Restrictions on Cryptography
      • Foreign Restrictions on Cryptography
    3. Understanding SSL and TLS
      • What Is SSL?
      • TLS Standards Activities
      • SSL: The User's Point of View
  5. Web Server Security
    1. Host and Site Security
      • Historically Unsecure Hosts
      • Current Major Host Security Problems
      • Minimizing Risk by Minimizing Services
      • Secure Content Updating
      • Back-End Databases
      • Physical Security
    2. Controlling Access to Your Web Server
      • Access Control Strategies
      • Implementing Access Controls with <Limit> Blocks
      • A Simple User Management System
    3. Secure CGI/API Programming
      • The Danger of Extensibility
      • Rules To Code By
      • Specific Rules for Specific Programming Languages
      • Tips on Writing CGI Scripts That Run with Additional Privileges
      • Conclusion
  6. Commerce and Society
    1. Digital Payments
      • Charga-Plates, Diners Club, and Credit Cards
      • Internet-Based Payment Systems
      • How to Evaluate a Credit Card Payment System
    2. Blocking Software and Censorship Technology
      • Blocking Software
      • PICS
      • RSACi
    3. Legal Issues: Civil
      • Intellectual Property
      • Torts
    4. Legal Issues: Criminal
      • Your Legal Options After a Break-In
      • Criminal Hazards That May Await You
      • Criminal Subject Matter
      • Play it Safe….
      • Laws and Activism
  7. Appendixes
    1. Lessons from Vineyard.NET
    2. Creating and Installing WebServer Certificates
    3. The SSL 3.0 Protocol
    4. The PICS Specification
    5. References

Reviews

Web Security and Commerce

Reviewed by Roland Buresund

Decent ****** (6 out of 10)

Last modified: Nov. 15, 2008, 2:23 a.m.

Describes what the title says, in a good way. A bit thin on details.
