Copyright ©1998-2010 Glenn Fleishman. Send in your comments. Bibliographic information on isbn.nu licensed from Baker & Taylor. Contact them for corrections and licensing, or read more about our data.
Tables of Contents for Web Security, Privacy, and Commerce
Chapter/Section Title
Page #
Page Count
Preface
xi
Part I. Web Technology
The Web Security Landscape
3
10
The Web Security Problem
3
7
Risk Analysis and Best Practices
10
3
The Architecture of the World Wide Web
13
33
History and Terminology
13
7
A Packet's Tour of the Web
20
13
Who Owns the Internet?
33
13
Cryptography Basics
46
32
Understanding Cryptography
46
7
Symmetric Key Algorithms
53
12
Public Key Algorithms
65
6
Message Digest Functions
71
7
Cryptography and the Web
78
29
Cryptography and Web Security
78
3
Working Cryptographic Systems and Protocols
81
7
What Cryptography Can't Do
88
2
Legal Restrictions on Cryptography
90
17
Understanding SSL and TLS
107
12
What Is SSL?
107
8
SSL: The User's Point of View
115
4
Digital Identification I: Passwords, Biometrics, and Digital Signatures
119
34
Physical Identification
119
11
Using Public Keys for Identification
130
10
Real-World Public Key Examples
140
13
Digital Identification II: Digital Certificates, CAs, and PKI
153
50
Understanding Digital Certificates with PGP
153
7
Certification Authorities: Third-Party Registrars
160
14
Public Key Infrastructure
174
13
Open Policy Issues
187
16
Part II. Privacy and Security for Users
The Web's War on Your Privacy
203
27
Understanding Privacy
204
3
User-Provided Information
207
3
Log Files
210
6
Understanding Cookies
216
9
Web Bugs
225
4
Conclusion
229
1
Privacy-Protecting Techniques
230
32
Choosing a Good Service Provider
230
1
Picking a Great Password
231
11
Cleaning Up After Yourself
242
10
Avoiding Spam and Junk Email
252
4
Identity Theft
256
6
Privacy-Protecting Technologies
262
22
Blocking Ads and Crushing Cookies
262
6
Anonymous Browsing
268
7
Secure Email
275
9
Backups and Antitheft
284
14
Using Backups to Protect Your Data
284
11
Preventing Theft
295
3
Mobile Code I: Plug-Ins, ActiveX, and Visual Basic
298
29
When Good Browsers Go Bad
299
5
Helper Aplications and Plug-ins
304
4
Microsoft's ActiveX
308
10
The Risks of Downloaded Code
318
8
Conclusion
326
1
Mobile Code II: Java, JavaScript, Flash, and Shockwave
327
36
Java
327
19
JavaScript
346
12
Flash and Shockwave
358
1
Conclusion
359
4
Part III. Web Server Security
Physical Security for Servers
363
33
Planning for the Forgotten Threats
363
3
Protecting Computer Hardware
366
15
Protecting Your Data
381
11
Personnel
392
1
Story: A Failed Site Inspection
392
4
Host Security for Servers
396
39
Current Host Security Problems
397
8
Securing the Host Computer
405
6
Minimizing Risk by Minimizing Services
411
2
Operating Securely
413
10
Secure Remote Access and Content Updating
423
8
Firewalls and the Web
431
2
Conclusion
433
2
Securing Web Applications
435
37
A Legacy of Extensibility and Risk
435
8
Rules to Code By
443
5
Securely Using Fields, Hidden Fields, and Cookies
448
6
Rules for Programming Languages
454
3
Using PHP Securely
457
10
Writing Scripts That Run with Additional Privileges
467
1
Connecting to Databases
468
3
Conclusion
471
1
Deploying SSL Server Certificates
472
38
Planning for Your SSL Server
472
5
Creating SSL Servers with FreeBSD
477
24
Installing an SSL Certificate on Microsoft IIS
501
2
Obtaining a Certificate from a Commercial CA
503
3
When Things Go Wrong
506
4
Securing Your Web Service
510
7
Protecting Via Redundancy
510
4
Protecting Your DNS
514
1
Protecting Your Domain Registration
515
2
Computer Crime
517
16
Your Legal Options After a Break-In
517
6
Criminal Hazards
523
3
Criminal Subject Matter
526
7
Part IV. Security for Content Providers
Controlling Access to Your Web Content
533
17
Access Control Strategies
533
5
Controlling Access with Apache
538
7
Controlling Access with Microsoft IIS
545
5
Client-Side Digital Certificates
550
10
Client Certificates
550
3
A Tour of the Veri Sign Digital ID Center
553
7
Code Signing and Microsoft's Authenticode
560
19
Why Code Signing?
560
4
Microsoft's Authenticode Technology
564
13
Obtaining a Software Publishing Certificate
577
1
Other Code Signing Methods
577
2
Pornography, Filtering Software, and Censorship
579
13
Pornography Filtering
579
3
PICS
582
7
RSACi
589
2
Conclusion
591
1
Privacy Policies, Legislation, and P3P
592
18
Policies That Protect Privacy and Privacy Policies
592
9
Children's Online Privacy Protection Act
601
5
P3P
606
3
Conclusion
609
1
Digital Payments
610
32
Charga-Plates, Diners Club, and Credit Cards
610
10
Internet-Based Payment Systems
620
20
How to Evaluate a Credit Card Payment System
640
2
Intellectual Property and Actionable Content
642
93
Copyright
642
3
Patents
645
1
Trademarks
646
4
Actionable Content
650
5
Part V. Appendixes
A. Lessons from Vineyard.NET
655
33
B. The SSL/TLS Protocol
688
11
C. P3P: The Platform for Privacy Preferences Project
699
9
D. The PICS Specification
708
8
E. References
716
19
Index
735