Web Security, Privacy & Commerce

Tell a friend

Web Security, Privacy & Commerce, Second Edition By Simson Garfinkel
With Gene Spafford
November 2001
Pages: 786

| Table of Contents | Index | Sample Chapter | Colophon

Web Technology
1. Chapter 1 The Web Security Landscape
  1. The Web Security Problem
  2. Risk Analysis and Best Practices
2. Chapter 2 The Architecture of the World Wide Web
  1. History and Terminology
  2. A Packet's Tour of the Web
  3. Who Owns the Internet?
3. Chapter 3 Cryptography Basics
  1. Understanding Cryptography
  2. Symmetric Key Algorithms
  3. Public Key Algorithms
  4. Message Digest Functions
4. Chapter 4 Cryptography and the Web
  1. Cryptography and Web Security
  2. Working Cryptographic Systems and Protocols
  3. What Cryptography Can't Do
  4. Legal Restrictions on Cryptography
5. Chapter 5 Understanding SSL and TLS
  1. What Is SSL?
  2. SSL: The User's Point of View
6. Chapter 6 Digital Identification I: Passwords, Biometrics, and Digital Signatures
  1. Physical Identification
  2. Using Public Keys for Identification
  3. Real-World Public Key Examples
7. Chapter 7 Digital Identification II: Digital Certificates, CAs, and PKI
  1. Understanding Digital Certificates with PGP
  2. Certification Authorities: Third-Party Registrars
  3. Public Key Infrastructure
  4. Open Policy Issues
Privacy and Security for Users
1. Chapter 8 The Web's War on Your Privacy
  1. Understanding Privacy
  2. User-Provided Information
  3. Log Files
  4. Understanding Cookies
  5. Web Bugs
  6. Conclusion
2. Chapter 9 Privacy-Protecting Techniques
  1. Choosing a Good Service Provider
  2. Picking a Great Password
  3. Cleaning Up After Yourself
  4. Avoiding Spam and Junk Email
  5. Identity Theft
3. Chapter 10 Privacy-Protecting Technologies
  1. Blocking Ads and Crushing Cookies
  2. Anonymous Browsing
  3. Secure Email
4. Chapter 11 Backups and Antitheft
  1. Using Backups to Protect Your Data
  2. Preventing Theft
5. Chapter 12 Mobile Code I: Plug-Ins, ActiveX,and Visual Basic
  1. When Good Browsers Go Bad
  2. Helper Applications and Plug-ins
  3. Microsoft's ActiveX
  4. The Risks of Downloaded Code
  5. Conclusion
6. Chapter 13 Mobile Code II: Java, JavaScript, Flash, and Shockwave
  1. Java
  2. JavaScript
  3. Flash and Shockwave
  4. Conclusion
Web Server Security
1. Chapter 14 Physical Security for Servers
  1. Planning for the Forgotten Threats
  2. Protecting Computer Hardware
  3. Protecting Your Data
  4. Personnel
  5. Story: A Failed Site Inspection
2. Chapter 15 Host Security for Servers
  1. Current Host Security Problems
  2. Securing the Host Computer
  3. Minimizing Risk by Minimizing Services
  4. Operating Securely
  5. Secure Remote Access and Content Updating
  6. Firewalls and the Web
  7. Conclusion
3. Chapter 16 Securing Web Applications
  1. A Legacy of Extensibility and Risk
  2. Rules to Code By
  3. Securely Using Fields, Hidden Fields, and Cookies
  4. Rules for Programming Languages
  5. Using PHP Securely
  6. Writing Scripts That Run with Additional Privileges
  7. Connecting to Databases
  8. Conclusion
4. Chapter 17 Deploying SSL Server Certificates
  1. Planning for Your SSL Server
  2. Creating SSL Servers with FreeBSD
  3. Installing an SSL Certificate on Microsoft IIS
  4. Obtaining a Certificate from a Commercial CA
  5. When Things Go Wrong
5. Chapter 18 Securing Your Web Service
  1. Protecting Via Redundancy
  2. Protecting Your DNS
  3. Protecting Your Domain Registration
6. Chapter 19 Computer Crime
  1. Your Legal Options After a Break-In
  2. Criminal Hazards
  3. Criminal Subject Matter
Security for Content Providers
1. Chapter 20 Controlling Access to Your Web Content
  1. Access Control Strategies
  2. Controlling Access with Apache
  3. Controlling Access with Microsoft IIS
2. Chapter 21 Client-Side Digital Certificates
  1. Client Certificates
  2. A Tour of the VeriSign Digital ID Center
3. Chapter 22 Code Signing and Microsoft's Authenticode
  1. Why Code Signing?
  2. Microsoft's Authenticode Technology
  3. Obtaining a Software Publishing Certificate
  4. Other Code Signing Methods
4. Chapter 23 Pornography, Filtering Software, and Censorship
  1. Pornography Filtering
  2. PICS
  3. RSACi
  4. Conclusion
5. Chapter 24 Privacy Policies, Legislation, and P3P
  1. Policies That Protect Privacy and Privacy Policies
  2. Children's Online Privacy Protection Act
  3. P3P
  4. Conclusion
6. Chapter 25 Digital Payments
  1. Charga-Plates, Diners Club, and Credit Cards
  2. Internet-Based Payment Systems
  3. How to Evaluate a Credit Card Payment System
7. Chapter 26 Intellectual Property and Actionable Content
  1. Copyright
  2. Patents
  3. Trademarks
  4. Actionable Content
Appendixes
1. Appendix A Lessons from Vineyard.NET
  1. In the Beginning
  2. Planning and Preparation
  3. IP Connectivity
  4. Commercial Start-Up
  5. Ongoing Operations
  6. Redundancy and Wireless
  7. The Big Cash-Out
  8. Conclusion
2. Appendix B The SSL/TLS Protocol
  1. History
  2. TLS Record Layer
  3. SSL/TLS Protocols
  4. SSL 3.0/TLS Handshake
3. Appendix C P3P: The Platform for Privacy Preferences Project
  1. How P3P Works
  2. Deploying P3P
  3. Simple P3P-Enabled Web Site Example
4. Appendix D The PICS Specification
  1. Rating Services
  2. PICS Labels
5. Appendix E References
  1. Electronic References
  2. Paper References

Colophon

Return to Web Security, Privacy & Commerce

Table of Contents

Web Technology

Chapter 1 The Web Security Landscape

Chapter 2 The Architecture of the World Wide Web

Chapter 3 Cryptography Basics

Chapter 4 Cryptography and the Web

Chapter 5 Understanding SSL and TLS

Chapter 6 Digital Identification I: Passwords, Biometrics, and Digital Signatures

Chapter 7 Digital Identification II: Digital Certificates, CAs, and PKI

Privacy and Security for Users

Chapter 8 The Web's War on Your Privacy

Chapter 9 Privacy-Protecting Techniques

Chapter 10 Privacy-Protecting Technologies

Chapter 11 Backups and Antitheft

Chapter 12 Mobile Code I: Plug-Ins, ActiveX,and Visual Basic

Chapter 13 Mobile Code II: Java, JavaScript, Flash, and Shockwave

Web Server Security

Chapter 14 Physical Security for Servers

Chapter 15 Host Security for Servers

Chapter 16 Securing Web Applications

Chapter 17 Deploying SSL Server Certificates

Chapter 18 Securing Your Web Service

Chapter 19 Computer Crime

Security for Content Providers

Chapter 20 Controlling Access to Your Web Content

Chapter 21 Client-Side Digital Certificates

Chapter 22 Code Signing and Microsoft's Authenticode

Chapter 23 Pornography, Filtering Software, and Censorship

Chapter 24 Privacy Policies, Legislation, and P3P

Chapter 25 Digital Payments

Chapter 26 Intellectual Property and Actionable Content

Appendixes

Appendix A Lessons from Vineyard.NET

Appendix B The SSL/TLS Protocol

Appendix C P3P: The Platform for Privacy Preferences Project

Appendix D The PICS Specification

Appendix E References

Colophon