Web Security, Privacy, and Commerce



Similar documents
Rails Cookbook. Rob Orsini. O'REILLY 8 Beijing Cambridge Farnham Koln Paris Sebastopol Taipei Tokyo

NETWORK SECURITY HACKS

What is Web Security? Motivation

Designing and Coding Secure Systems

Contents Introduction xxvi Chapter 1: Understanding the Threats: Viruses, Trojans, Mail Bombers, Worms, and Illicit Servers

1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications

CalREDIE Browser Requirements

How To Understand The History Of The Web (Web)

Exchange Server Cookbook

Xerox DocuShare Security Features. Security White Paper

Section 1 CREDIT UNION Member Information Security Due Diligence Questionnaire

CNT Computer and Network Security Review/Wrapup

sendmail Cookbook Craig Hunt O'REILLY' Beijing Cambridge Farnham Koln Paris Sebastopol Taipei Tokyo

I. Supported Browsers. II. Internet Browser Settings


Certified E-commerce Consultant (CEC)

Technical Certificates Overview

Eleventh Hour Security+

BlackShield ID Agent for Remote Web Workplace

Cryptography and network security CNET4523

PLATO Learning Environment System and Configuration Requirements for workstations. October 27th, 2008

vcloud Director User's Guide

BlackShield ID Agent for Terminal Services Web and Remote Desktop Web

NETWORK SECURITY HACKS *

Detailed Table of Contents

Figure 9-1: General Application Security Issues. Application Security: Electronic Commerce and . Chapter 9

FBLA Cyber Security aligned with Common Core FBLA: Cyber Security RST RST RST RST WHST WHST

Joseph Migga Kizza. A Guide to Computer Network Security. 4) Springer

SECURE APPLICATION DEVELOPMENT CODING POLICY OCIO TABLE OF CONTENTS

Managed Services PKI 60-day Trial Quick Start Guide

BlackBerry Enterprise Server for Microsoft Office 365 preinstallation checklist


EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Entrust Managed Services PKI. Getting an end-user Entrust certificate using Entrust Authority Administration Services. Document issue: 2.

Elgg 1.8 Social Networking

WINDOWS SERVER HACKS. HLuHB Darmstadt. O'REILLY 5 Beijing Cambridge Farnham Koln Paris Sebastopol Taipei Tokyo

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

By Jan De Clercq. Understanding. and Leveraging SSL-TLS. for Secure Communications

ERIE COMMUNITY COLLEGE COURSE OUTLINE A. COURSE TITLE: CS WEB DEVELOPMENT AND PROGRAMMING FUNDAMENTALS

RSA Security Analytics

Schneps, Leila; Colmez, Coralie. Math on Trial : How Numbers Get Used and Abused in the Courtroom. New York, NY, USA: Basic Books, p i.

I. Introduction to Privacy: Common Principles and Approaches

Using Entrust certificates with VPN

PLATO Learning Environment 2.0 System and Configuration Requirements. Dec 1, 2009

Simple Guide to Digital Signatures

Windows 8 Hacks O'REILLY* Preston Gralla. Beijing. Cambridge Famham. Koln Sebastopol Tokyo

Implementing and Administering Security in a Microsoft Windows Server 2003 Network

Entrust Managed Services PKI Administrator Guide

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates

PLATO Learning Environment System and Configuration Requirements. for workstations. April 14, 2008

Jenkins: The Definitive Guide

Interstage Application Server V7.0 Single Sign-on Operator's Guide

Computer Security Literacy

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

BlackBerry Enterprise Service 10 version 10.2 preinstallation and preupgrade checklist

Introduction to E-commerce

Linux Web Based VPN Connectivity Details and Instructions

How Web Browsers Work

Apache Security with SSL Using Ubuntu

SEZ SEZ Online Manual Digital Signature Certficate [DSC] V Version 1.2

Windows Server Update Services 3.0 SP2 Operations Guide

Network Security: A Practical Approach. Jan L. Harrington

Protecting Your Name on the Internet The Business Benefits of Extended Validation SSL Certificates

OIT 307/ OIT 218: Web Programming

INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE

Windows Web Based VPN Connectivity Details & Instructions

Chapter 8. Network Security

Overview of WebMux Load Balancer and Live Communications Server 2005

Network Security - ISA 656 Review

How To Secure Your Data Center From Hackers

Asia Web Services Ltd. (vpshosting.com.hk)

GFSU Certified Cyber Crime Investigator GFSU-CCCI. Training Partner. Important dates for all batches

Release System Administrator s Guide

FileMaker Server 12. Getting Started Guide

Programming Flash Communication Server

F-Secure Messaging Security Gateway. Deployment Guide

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management

WEB SECURITY. Oriana Kondakciu Software Engineering 4C03 Project

FileMaker Server 13. Getting Started Guide

Pre-Installation Instructions

Education Software Installer 2011

MEGA Web Application Architecture Overview MEGA 2009 SP4

Overview Windows NT 4.0 Security Cryptography SSL CryptoAPI SSPI, Certificate Server, Authenticode Firewall & Proxy Server IIS Security IE Security

CTS2134 Introduction to Networking. Module Network Security

SECURITY DOCUMENT. BetterTranslationTechnology

Information Security Basic Concepts

Hardening Guide. Installation Guide

Windows Vista The Definitive Guide

Obtaining a digital signature certificate

ADP Workforce Now Security Guide. Version 2.0-1

Computer Security Basics

ISM/ISC Middleware Module

EJBCA with GemSAFE Toolbox Part1 Workstation Logon

The Importance of Patching Non-Microsoft Applications

TECHNICAL NOTE Stormshield Network Firewall AUTOMATIC BACKUPS. Document version: 1.0 Reference: snentno_autobackup

SMART Vantage. Installation guide

Transcription:

SECOND EDITION Web Security, Privacy, and Commerce Simson Garfinkel with Gene Spafford O'REILLT Beijing Cambridge Famham Köln Paris Sebastopol Taipei Tokyo

Table of Contents Preface xi Part I. Web Technology 1. The Web Security Landscape 3 The Web Security Problem 3 Risk Analysis and Best Practices 10 2. The Architecture of the World Wide Web 13 History and Terminology 13 APacket's Tour of the Web 20 Who Owns the Internet? 33 3. Cryptography Basics 46 Understanding Cryptography 46 Symmetrie Key Algorithms 53 Public Key Algorithms 65 Message Digest Functions 71 4. Cryptography and the Web 78 Cryptography and Web Security 78 Working Cryptographic Systems and Protocols 81 What Cryptography Can't Do 88 Legal Restrictions on Cryptography 90 5. Understanding SSL and TLS 107 What Is SSL? 107 SSL: The User's Point of View 115 v

6. Digital Identification I: Passwords, Biometrics, and Digital Signatures... 119 Physical Identification 119 Using Public Keys for Identification 130 Real-World Public Key Examples 140 7. Digital Identification II: Digital Certificates, CAs, and PKI 153 Understanding Digital Certificates with PGP 153 Certification Authorities: Third-Party Registrars 160 Public Key Infrastructure 174 Open Policy Issues 187 Part II. Privacy and Security for Users 8. The Web's War onyour Privacy 203 Understanding Privacy 204 User-Provided Information 207 Log Files 210 Understanding Cookies 216 Web Bugs 225 Conclusion 229 9. Privacy-Protecting Techniques 230 Choosing a Good Service Provider 230 Picking a Great Password 231 Cleaning Up After Yourself 242 Avoiding Spam and Junk Email 252 Identity Theft 256 10. Privacy-Protecting Technologies 262 Blocking Ads and Crushing Cookies 262 Anonymous Browsing 268 Secure Email 275 11. BackupsandAntitheft 284 Using Backups to Protect Your Data 284 Preventing Theft 295 12. Mobile Code I: Plug-ins, ActiveX, and Visual Basic.298 When Good Browsers Go Bad 299 Helper Applications and Plug-ins 304 vi Table of Contents

Microsoft's ActiveX 308 The Risks of Downloaded Code 318 Conclusion 326 13. Mobile Code II: Java, JavaScript, Flash, and Shockwave 327 Java 327 JavaScript 346 Flash and Shockwave 358 Conclusion 359 Part III. Web Server Security 14. Physical Security for Servers 363 Planning for the Forgotten Threats 363 Protecting Computer Hardware 366 Protecting Your Data 381 Personnel 392 Story: A Failed Site Inspection 392 15. Host Security for Servers 396 Current Host Security Problems 397 Securing the Host Computer 405 Minimizing Risk by Minimizing Services 411 Operating Securely 413 Secure Remote Access and Content Updating 423 Firewalls and the Web 431 Conclusion 433 16. Securing Web Applications 435 A Legacy of Extensibility and Risk 435 Rules to Code By 443 Securely Using Fields, Hidden Fields, and Cookies 448 Rules for Programming Languages 454 Using PHP Securely 457 Writing Scripts That Run with Additional Privileges 467 Connecting to Databases 468 Conclusion 471 Table of Contents vii

17. Deploying SSL Server Certificates 472 Planning for Your SSL Server 472 Creating SSL Servers with FreeBSD 477 Installing an SSL Certificate on Microsoft IIS 501 Obtaining a Certificate from a Commercial CA 503 When Things Go Wrong 506 18. Securing Your Web Service 510 Protecting Via Redundancy 510 Protecting Your DNS ' 514 Protecting Your Domain Registration 515 19. ComputerCrime 517 Your Legal Options After a Break-In 517 Criminal Hazards 523 Criminal Subject Matter 526 Part IV. Security for Content Providers 20. Controlling Access to Your Web Content 533 Access Control Strategies 533 Controlling Access with Apache 538 Controlling Access with Microsoft IIS 545 21. Client-Side Digital Certificates 550 Client Certificates 550 A Tour of the VeriSign Digital ID Center 553 22. Code Signing and Microsoft's Authenticode 560 Why Code Signing? 560 Microsoft's Authenticode Technology 564 Obtaining a Software Publishing Certificate 577 Other Code Signing Methods 577 23. Pornography, Filtering Software, and Censorship 579 Pornography Filtering 579 PICS 582 RSACi 589 Conclusion 591 viii Table of Contents

24. Privacy Policies, Legislation, and P3P 592 Policies That Protect Privacy and Privacy Policies 592 Children's Online Privacy Protection Act 601 P3P 606 Conclusion 609 25. Digital Payments 610 Charga-Plates, Diners Club, and Credit Cards 610 Internet-Based Payment Systems 620 How to Evaluate a Credit Card Payment System 640 26. Intellectual Property and Actionabie Content 642 Copyright 642 Patents 645 Trademarks 646 Actionabie Content 650 Part V. Appendixes A. LessonsfromVineyard.NET 655 B. TheSSL/TLSProtocol 688 C. P3P: The Platform for Privacy Preferences Project 699 D. The PICS Specification 708 E. References 716 Index 735 Table of Contents ix

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information