Web Security and Commerce | O'Reilly Media

Web Security and Commerce By Simson Garfinkel
With Gene Spafford
June 1997
Pages: 500

| Table of Contents | Index | Sample Chapter | Colophon

Introduction
1. Chapter 1 The Web Security Landscape
  1. Web Security in a Nutshell
  2. The Web Security Problem
  3. Credit Cards, Encryption, and the Web
  4. Firewalls: Part of the Solution
  5. Risk Management
User Safety
1. Chapter 2 The Buggy Browser: Evolution of Risk
  1. Browser History
  2. Data-Driven Attacks
  3. Implementation Flaws: A Litany of Bugs
2. Chapter 3 Java and JavaScript
  1. Java
  2. JavaScript
  3. Denial-of-Service Attacks
  4. JavaScript-Enabled Spoofing Attacks
  5. Conclusion
3. Chapter 4 Downloading Machine Code with ActiveX and Plug-Ins
  1. When Good Browsers Go Bad
  2. Netscape Plug-Ins
  3. ActiveX and Authenticode
  4. The Risks of Downloaded Code
  5. Is Authenticode a Solution?
  6. Improving the Security of Downloaded Code
4. Chapter 5 Privacy
  1. Log Files
  2. Cookies
  3. Personally Identifiable Information
  4. Anonymizers
  5. Unanticipated Disclosure
Digital Certificates
1. Chapter 6 Digital Identification Techniques
  1. Identification
  2. Public Key Infrastructure
  3. Problems Building a Public Key Infrastructure
  4. Ten Policy Questions
2. Chapter 7 Certification Authorities and Server Certificates
  1. Certificates Today
  2. Certification Authority Certificates
  3. Server Certificates
  4. Conclusion
3. Chapter 8 Client-Side Digital Certificates
  1. Client Certificates
  2. A Tour of the VeriSign Digital ID Center
4. Chapter 9 Code Signing and Microsoft's Authenticode
  1. Why Code Signing?
  2. Microsoft's Authenticode Technology
  3. Obtaining a Software Publisher's Certificate
  4. Other Code Signing Methods
Cryptography
1. Chapter 10 Cryptography Basics
  1. Understanding Cryptography
  2. Symmetric Key Algorithms
  3. Public Key Algorithms
  4. Message Digest Functions
  5. Public Key Infrastructure
2. Chapter 11 Cryptography and the Web
  1. Cryptography and Web Security
  2. Today's Working Encryption Systems
  3. U.S. Restrictions on Cryptography
  4. Foreign Restrictions on Cryptography
3. Chapter 12 Understanding SSL and TLS
  1. What Is SSL?
  2. TLS Standards Activities
  3. SSL: The User's Point of View
Web Server Security
1. Chapter 13 Host and Site Security
  1. Historically Unsecure Hosts
  2. Current Major Host Security Problems
  3. Minimizing Risk by Minimizing Services
  4. Secure Content Updating
  5. Back-End Databases
  6. Physical Security
2. Chapter 14 Controlling Access to Your Web Server
  1. Access Control Strategies
  2. Implementing Access Controls with <Limit> Blocks
  3. A Simple User Management System
3. Chapter 15 Secure CGI/API Programming
  1. The Danger of Extensibility
  2. Rules To Code By
  3. Specific Rules for Specific Programming Languages
  4. Tips on Writing CGI Scripts That Run with Additional Privileges
  5. Conclusion
Commerce and Society
1. Chapter 16 Digital Payments
  1. Charga-Plates, Diners Club, and Credit Cards
  2. Internet-Based Payment Systems
  3. How to Evaluate a Credit Card Payment System
2. Chapter 17 Blocking Software and Censorship Technology
  1. Blocking Software
  2. PICS
  3. RSACi
3. Chapter 18 Legal Issues: Civil
  1. Intellectual Property
  2. Torts
4. Chapter 19 Legal Issues: Criminal
  1. Your Legal Options After a Break-In
  2. Criminal Hazards That May Await You
  3. Criminal Subject Matter
  4. Play it Safe . . .
  5. Laws and Activism
Appendixes
1. Appendix A Lessons from Vineyard.NET
  1. Planning and Preparation
  2. IP Connectivity
  3. Commercial Start-Up
  4. Ongoing Operations
  5. Conclusion
2. Appendix B Creating and Installing WebServer Certificates
  1. Downloading and Installing Your Web Server
  2. Apache-SSL
3. Appendix C The SSL 3.0 Protocol
  1. History
  2. SSL 3.0 Record Layer
  3. SSL 3.0 Protocols
  4. SSL 3.0 Handshake
  5. SSLeay
4. Appendix D The PICS Specification
  1. Rating Services
  2. PICS Labels
5. Appendix E References
  1. Electronic References
  2. Paper References

Colophon

Return to Web Security and Commerce

Table of Contents

Introduction

Chapter 1 The Web Security Landscape

User Safety

Chapter 2 The Buggy Browser: Evolution of Risk

Chapter 3 Java and JavaScript

Chapter 4 Downloading Machine Code with ActiveX and Plug-Ins

Chapter 5 Privacy

Digital Certificates

Chapter 6 Digital Identification Techniques

Chapter 7 Certification Authorities and Server Certificates

Chapter 8 Client-Side Digital Certificates

Chapter 9 Code Signing and Microsoft's Authenticode

Cryptography

Chapter 10 Cryptography Basics

Chapter 11 Cryptography and the Web

Chapter 12 Understanding SSL and TLS

Web Server Security

Chapter 13 Host and Site Security

Chapter 14 Controlling Access to Your Web Server

Chapter 15 Secure CGI/API Programming

Commerce and Society

Chapter 16 Digital Payments

Chapter 17 Blocking Software and Censorship Technology

Chapter 18 Legal Issues: Civil

Chapter 19 Legal Issues: Criminal

Appendixes

Appendix A Lessons from Vineyard.NET

Appendix B Creating and Installing WebServer Certificates

Appendix C The SSL 3.0 Protocol

Appendix D The PICS Specification

Appendix E References

Colophon