Web Security and Commerce

Product Editions

Please consider the latest edition.

  1. Web Security, Privacy & Commerce, Second Edition - November 2001
  2. Web Security and Commerce - June 1997
Description
Learn how to minimize the risks of the Web with this comprehensive guide. It covers browser vulnerabilities, privacy concerns, issues with Java, JavaScript, ActiveX, and plug-ins, digital certificates, cryptography, Web server security, blocking software, censorship technology, and relevant civil and criminal issues.
Table of Contents
  1. Introduction

    1. Chapter 1 The Web Security Landscape

      1. Web Security in a Nutshell
      2. The Web Security Problem
      3. Credit Cards, Encryption, and the Web
      4. Firewalls: Part of the Solution
      5. Risk Management
  2. User Safety

    1. Chapter 2 The Buggy Browser: Evolution of Risk

      1. Browser History
      2. Data-Driven Attacks
      3. Implementation Flaws: A Litany of Bugs
    2. Chapter 3 Java and JavaScript

      1. Java
      2. JavaScript
      3. Denial-of-Service Attacks
      4. JavaScript-Enabled Spoofing Attacks
      5. Conclusion
    3. Chapter 4 Downloading Machine Code with ActiveX and Plug-Ins

      1. When Good Browsers Go Bad
      2. Netscape Plug-Ins
      3. ActiveX and Authenticode
      4. The Risks of Downloaded Code
      5. Is Authenticode a Solution?
      6. Improving the Security of Downloaded Code
    4. Chapter 5 Privacy

      1. Log Files
      2. Cookies
      3. Personally Identifiable Information
      4. Anonymizers
      5. Unanticipated Disclosure
  3. Digital Certificates

    1. Chapter 6 Digital Identification Techniques

      1. Identification
      2. Public Key Infrastructure
      3. Problems Building a Public Key Infrastructure
      4. Ten Policy Questions
    2. Chapter 7 Certification Authorities and Server Certificates

      1. Certificates Today
      2. Certification Authority Certificates
      3. Server Certificates
      4. Conclusion
    3. Chapter 8 Client-Side Digital Certificates

      1. Client Certificates
      2. A Tour of the VeriSign Digital ID Center
    4. Chapter 9 Code Signing and Microsoft's Authenticode

      1. Why Code Signing?
      2. Microsoft's Authenticode Technology
      3. Obtaining a Software Publisher's Certificate
      4. Other Code Signing Methods
  4. Cryptography

    1. Chapter 10 Cryptography Basics

      1. Understanding Cryptography
      2. Symmetric Key Algorithms
      3. Public Key Algorithms
      4. Message Digest Functions
      5. Public Key Infrastructure
    2. Chapter 11 Cryptography and the Web

      1. Cryptography and Web Security
      2. Today's Working Encryption Systems
      3. U.S. Restrictions on Cryptography
      4. Foreign Restrictions on Cryptography
    3. Chapter 12 Understanding SSL and TLS

      1. What Is SSL?
      2. TLS Standards Activities
      3. SSL: The User's Point of View
  5. Web Server Security

    1. Chapter 13 Host and Site Security

      1. Historically Unsecure Hosts
      2. Current Major Host Security Problems
      3. Minimizing Risk by Minimizing Services
      4. Secure Content Updating
      5. Back-End Databases
      6. Physical Security
    2. Chapter 14 Controlling Access to Your Web Server

      1. Access Control Strategies
      2. Implementing Access Controls with <Limit> Blocks
      3. A Simple User Management System
    3. Chapter 15 Secure CGI/API Programming

      1. The Danger of Extensibility
      2. Rules To Code By
      3. Specific Rules for Specific Programming Languages
      4. Tips on Writing CGI Scripts That Run with Additional Privileges
      5. Conclusion
  6. Commerce and Society

    1. Chapter 16 Digital Payments

      1. Charga-Plates, Diners Club, and Credit Cards
      2. Internet-Based Payment Systems
      3. How to Evaluate a Credit Card Payment System
    2. Chapter 17 Blocking Software and Censorship Technology

      1. Blocking Software
      2. PICS
      3. RSACi
    3. Chapter 18 Legal Issues: Civil

      1. Intellectual Property
      2. Torts
    4. Chapter 19 Legal Issues: Criminal

      1. Your Legal Options After a Break-In
      2. Criminal Hazards That May Await You
      3. Criminal Subject Matter
      4. Play it Safe . . .
      5. Laws and Activism
  7. Appendixes

    1. Appendix A Lessons from Vineyard.NET

      1. Planning and Preparation
      2. IP Connectivity
      3. Commercial Start-Up
      4. Ongoing Operations
      5. Conclusion
    2. Appendix B Creating and Installing Web Server Certificates

      1. Downloading and Installing Your Web Server
      2. Apache-SSL
    3. Appendix C The SSL 3.0 Protocol

      1. History
      2. SSL 3.0 Record Layer
      3. SSL 3.0 Protocols
      4. SSL 3.0 Handshake
      5. SSLeay
    4. Appendix D The PICS Specification

      1. Rating Services
      2. PICS Labels
    5. Appendix E References

      1. Electronic References
      2. Paper References
  1. Colophon

Product Details
Title: Web Security and Commerce
By: Simson Garfinkel, Gene Spafford
Publisher: O'Reilly Media
Formats: Print, Safari Books Online
Print Release: June 1997
Pages: 506
Print ISBN: 978-1-56592-269-3
ISBN 10: 1-56592-269-7
About the Authors
  1. Simson Garfinkel

    Simson Garfinkel, CISSP, is a journalist, entrepreneur, and international authority on computer security. Garfinkel is chief technology officer at Sandstorm Enterprises, a Boston-based firm that develops state-of-the-art computer security tools. Garfinkel is also a columnist for Technology Review Magazine and has written for more than 50 publications, including Computerworld, Forbes, and The New York Times. He is also the author of Database Nation; Web Security, Privacy, and Commerce; PGP: Pretty Good Privacy; and seven other books. Garfinkel earned a master's degree in journalism at Columbia University in 1988 and holds three undergraduate degrees from MIT. He is currently working on his doctorate at MIT's Laboratory for Computer Science.

  2. Gene Spafford

    Gene Spafford, Ph.D., CISSP, is an internationally renowned scientist and educator who has been working in information security, policy, cybercrime, and software engineering for nearly two decades. He is a professor at Purdue University and is the director of CERIAS, the world's premier multidisciplinary academic center for information security and assurance. Professor Spafford and his students have pioneered a number of technologies and concepts well-known in security today, including the COPS and Tripwire tools, two-stage firewalls, and vulnerability databases. Spaf, as he is widely known, has achieved numerous professional honors recognizing his teaching, his research, and his professional service. These include being named a fellow of the AAAS, the ACM, and the IEEE; receiving the National Computer Systems Security Award; receiving the William Hugh Murray Medal of the NCISSE; election to the ISSA Hall of Fame; and receiving the Charles Murphy Award at Purdue. He was named a CISSP, honoris causa in 2000. In addition to over 100 technical reports and articles on his research, Spaf is also the coauthor of Web Security, Privacy, and Commerce, and was the consulting editor for Computer Crime: A Crimefighters Handbook (both from O'Reilly).

Colophon

Our look is the result of reader comments, our own experimentation, and feedback from distribution channels. Distinctive covers complement our distinctive approach to technical topics, breathing personality and life into potentially dry subjects. The fish featured on the cover of Web Security & Commerce is a whale shark. Sharks have lived on the Earth for over 300 million years, and populate all the oceans of the world (as well as some freshwater lakes and rivers). They are related to skates and rays, differing from ordinary bony fish in having a cartilaginous skeleton that makes their bodies unusually flexible. Unlike bony fish, sharks give birth to live young, in small litters.

A common misconception about sharks is that they need to keep swimming at all times. While they do need to move their fins constantly in order to stay afloat, many species of sharks like to rest on the bottom of the ocean floor.

Sharks make excellent predators because of their well-developed sensory system (not to mention their big, sharp teeth). They have excellent eyesight and an unusually keen sense of smell; they are known to be able to locate prey from a single drop of blood. Sharks can also sense electrical currents in the water indicating the presence of other fish. They retain several rows of teeth, which roll outward to replace those that are lost.

The whale shark, on the other hand, is a kinder, gentler shark. Whale sharks (Rhincodon typus) have a large flat head, a wide mouth, and tiny teeth. As a filter feeder, they feed primarily on plankton and small fish. They have distinctive spotted markings on their fins and dorsal sides. Whale sharks are so named because of their size: they may weigh more than 18 metric tons and measure up to 60 feet long. They are the largest species of fish alive today.

Whale sharks live in tropical and temperate seas. They pose little or no risk to humans. In fact, whale sharks are considered a particular treat to divers, since they are impressive in size but are slow-moving and not aggressive.

Edie Freedman designed the cover of this book, using a 19th-century engraving from the Dover Pictorial Archive. The cover layout was produced with Quark XPress 3.3 using the ITC Garamond font.

The inside layout was designed by Edie Freedman and Nancy Priest and implemented in FrameMaker 5.0 by Mike Sierra. The text and heading fonts are ITC Garamond Light and Garamond Book. The illustrations that appear in the book were created in Macromedia Freehand 5.0 by Chris Reilley. This colophon was written by Linda Mui.
