Web Security, Privacy & Commerce: Security for Users, Administrators and ISPs (Paperback, 2, Expanded & Upda)

Preface

Part I. Web Technology

1. The Web Security Landscape
The Web Security Problem
Risk Analysis and Best Practices

2. The Architecture of the World Wide Web
History and Terminology
A Packet's Tour of the Web
Who Owns the Internet?

3. Cryptography Basics
Understanding Cryptography
Symmetric Key Algorithms
Public Key Algorithms
Message Digest Functions

4. Cryptography and the Web
Cryptography and Web Security
Working Cryptographic Systems and Protocols
What Cryptography Can't Do
Legal Restrictions on Cryptography

5. Understanding SSL and TLS
What Is SSL?
SSL: The User's Point of View

6. Digital Identification I: Passwords, Biometrics, and Digital Signatures
Physical Identification
Using Public Keys for Identification
Real-World Public Key Examples

7. Digital Identification II: Digital Certificates, CAs, and PKI
Understanding Digital Certificates with PGP
Certification Authorities: Third-Party Registrars
Public Key Infrastructure
Open Policy Issues

Part II. Privacy and Security for Users

8. The Web's War on Your Privacy
Understanding Privacy
User-Provided Information
Log Files
Understanding Cookies
Web Bugs
Conclusion

9. Privacy-Protecting Techniques
Choosing a Good Service Provider
Picking a Great Password
Cleaning Up After Yourself
Avoiding Spam and Junk Email
Identity Theft

10. Privacy-Protecting Technologies
Blocking Ads and Crushing Cookies
Anonymous Browsing
Secure Email

11. Backups and Antitheft
Using Backups to Protect Your Data
Preventing Theft

12. Mobile Code I: Plug-Ins, ActiveX, and Visual Basic
When Good Browsers Go Bad
Helper Applications and Plug-ins
Microsoft's ActiveX
The Risks of Downloaded Code
Conclusion

13. Mobile Code II: Java, JavaScript, Flash, and Shockwave
Java
JavaScript
Flash and Shockwave
Conclusion

Part III. Web Server Security

14. Physical Security for Servers
Planning for the Forgotten Threats
Protecting Computer Hardware
Protecting Your Data
Personnel
Story: A Failed Site Inspection

15. Host Security for Servers
Current Host Security Problems
Securing the Host Computer
Minimizing Risk by Minimizing Services
Operating Securely
Secure Remote Access and Content Updating
Firewalls and the Web
Conclusion

16. Securing Web Applications
A Legacy of Extensibility and Risk
Rules to Code By
Securely Using Fields, Hidden Fields, and Cookies
Rules for Programming Languages
Using PHP Securely
Writing Scripts That Run with Additional Privileges
Connecting to Databases
Conclusion

17. Deploying SSL Server Certificates
Planning for Your SSL Server
Creating SSL Servers with FreeBSD
Installing an SSL Certificate on Microsoft IIS
Obtaining a Certificate from a Commercial CA
When Things Go Wrong

18. Securing Your Web Service
Protecting Via Redundancy
Protecting Your DNS
Protecting Your Domain Registration

19. Computer Crime
Your Legal Options After a Break-In
Criminal Hazards
Criminal Subject Matter

Part IV. Security for Content Providers

20. Controlling Access to Your Web Content
Access Control Strategies
Controlling Access with Apache
Controlling Access with Microsoft IIS

21. Client-Side Digital Certificates
Client Certificates
A Tour of the VeriSign Digital ID Center

22. Code Signing and Microsoft's Authenticode
Why Code Signing?
Microsoft's Authenticode Technology
Obtaining a Software Publishing Certificate
Other Code Signing Methods

23. Pornography, Filtering Software, and Censorship
Pornography Filtering
PICS
RSACi
Conclusion

24. Privacy Policies, Legislation, and P3P
Policies That Protect Privacy and Privacy Policies
Children's Online Privacy Protection Act
P3P
Conclusion

25. Digital Payments
Charga-Plates, Diners Club, and Credit Cards
Internet-Based Payment Systems
How to Evaluate a Credit Card Payment System

26. Intellectual Property and Actionable Content
Copyright
Patents
Trademarks
Actionable Content

Part V. Appendixes

A. Lessons from Vineyard.NET

B. The SSL/TLS Protocol

C. P3P: The Platform for Privacy Preferences Project

D. The PICS Specification

E. References

Index