Web Security, Privacy and Commerce

Simson Garfinkel, Gene Spafford

800 pages, parution le 15/01/2002 (2^eme édition)

Ajouter à une liste

Indisponible

Résumé

Since the first edition of this classic reference was published, World Wide Web use has exploded and e-commerce has become a daily part of business and personal life. As Web use has grown, so have the threats to our security and privacy--from credit card fraud to routine invasions of privacy by marketers to web site defacements to attacks that shut down popular web sites.

Web Security, Privacy & Commerce goes behind the headlines, examines the major security risks facing us today, and explains how we can minimize them. It describes risks for Windows and Unix, Microsoft Internet Explorer and Netscape Navigator, and a wide range of current programs and products. In vast detail, the book covers:

Web technology--The technological underpinnings of the modern Internet and the cryptographic foundations of e-commerce are discussed, along with SSL (the Secure Sockets Layer), the significance of the PKI (Public Key Infrastructure), and digital identification, including passwords, digital signatures, and biometrics.
Web privacy and security for users--Learn the real risks to user privacy, including cookies, log files, identity theft, spam, web logs, and web bugs, and the most common risk, users' own willingness to provide e-commerce sites with personal information. Hostile mobile code in plug-ins, ActiveX controls, Java applets, and JavaScript, Flash, and Shockwave programs are also covered.
Web server security--Administrators and service providers discover how to secure their systems and web services. Topics include CGI, PHP, SSL certificates, law enforcement issues, and more.
Web content security--Zero in on web publishing issues for content providers, including intellectual property, copyright and trademark issues, P3P and privacy policies, digital payments, client-side digital signatures, code signing, pornography filtering and PICS, and other controls on web content.

Nearly double the size of the first edition, this completely updated volume is destined to be the definitive reference on Web security risks and the techniques and technologies you can use to protect your privacy, your organization, your system, and your network.

Contents

Preface

Part I: Web Technology

1: The Web Security Landscape
2: The Architecture of the World Wide Web
3: Cryptography Basics
4: Cryptography and the Web
5: Understanding SSL and TLS
6: Digital Identification I: Passwords, Biometrics, and Digital Signatures
7: Digital Identification II: Digital Certificates, CAs, and PKI

Part II: Privacy and Security for Users

8: The Web's War on Your Privacy
9: Privacy-Protecting Techniques
10: Privacy-Protecting Technologies
11: Backups and Antitheft
12: Mobile Code I: Plug-Ins, ActiveX, and Visual Basic
13: Mobile Code II: Java, JavaScript, Flash, and Shockwave

Part III: Web Server Security

14: Physical Security for Servers
15: Host Security for Servers
16: Securing Web Applications
17: Deploying SSL Server Certificates
18: Securing Your Web Service
19: Computer Crime

Part IV: Security for Content Providers

20: Controlling Access to Your Web Content
21: Client-Side Digital Certificates
22: Code Signing and Microsoft's Authenticode
23: Pornography, Filtering Software, and Censorship
24: Privacy Policies, Legislation, and P3P
25: Digital Payments
26: Intellectual Property and Actionable Content

Part V: Appendixes

A: Lessons from Vineyard.NET
B: The SSL/TLS Protocol
C: P3P: The Platform for Privacy Preferences Project
D: The PICS Specification
E: References

Index

L'auteur - Simson Garfinkel

Simson Garfinkel is a postdoctoral fellow at the Center for Research on Computers and Society at Harvard University's department of Electrical Engineering and Computer Science. He came to Harvard after completing his Ph.D. in Computer Security at MIT's Computer Science and Artificial Intelligence Laboratory, where he studied computer security, usability, and forensics. Garfinkel is also the founder of Sandstorm Enterprises, Inc., a supplier of computer security auditing tools. Garfinkel writes a monthly column on computer security for CSO Magazine, for which he has received the 2004 and 2005 Neal Business Journalism award. This is Garfinkel's 14th book; he doesn't have any free time.

L'auteur - Gene Spafford

Gene Spafford, Ph.D., CISSP, is an internationally renowned scientist and educator who has been working in information security, policy, cybercrime, and software engineering for nearly two decades. He is a professor at Purdue University and is the director of CERIAS, the world's premier multidisciplinary academic center for information security and assurance. Professor Spafford and his students have pioneered a number of technologies and concepts well-known in security today, including the COPS and Tripwire tools, two-stage firewalls, and vulnerability databases. Spaf, as he is widely known, has achieved numerous professional honors recognizing his teaching, his research, and his professional service. These include being named a fellow of the AAAS, the ACM, and the IEEE; receiving the National Computer Systems Security Award; receiving the William Hugh Murray Medal of the NCISSE; election to the ISSA Hall of Fame; and receiving the Charles Murphy Award at Purdue. He was named a CISSP, honoris causa in 2000. In addition to over 100 technical reports and articles on his research, Spaf is also the coauthor of Web Security, Privacy, and Commerce, and was the consulting editor for Computer Crime: A Crimefighters Handbook (both from O'Reilly).

Caractéristiques techniques

	PAPIER
Éditeur(s)	O'Reilly
Auteur(s)	Simson Garfinkel, Gene Spafford
Parution	15/01/2002
Édition	2^eme édition
Nb. de pages	800
Format	17,8 x 23,3
Couverture	Broché
Poids	815g
Intérieur	Noir et Blanc
EAN13	9780596000455
ISBN13	978-0-596-00045-5