Web Security, Privacy and Commerce, 2nd Edition [Paperback]

Simson Garfinkel (Author)
4.0 out of 5 stars (7 customer reviews)

List Price: $49.99
Price: $29.99
You Save: $20.00 (40%)

Formats

  • Kindle Edition: $23.93
  • Paperback: $29.99

Book Description

ISBN-10: 0596000456 | ISBN-13: 978-0596000455 | January 15, 2002 | Second Edition

Since the first edition of this classic reference was published, World Wide Web use has exploded and e-commerce has become a daily part of business and personal life. As Web use has grown, so have the threats to our security and privacy--from credit card fraud to routine invasions of privacy by marketers to web site defacements to attacks that shut down popular web sites.

Web Security, Privacy & Commerce goes behind the headlines, examines the major security risks facing us today, and explains how we can minimize them. It describes risks for Windows and Unix, Microsoft Internet Explorer and Netscape Navigator, and a wide range of current programs and products. In vast detail, the book covers:

  • Web technology--The technological underpinnings of the modern Internet and the cryptographic foundations of e-commerce are discussed, along with SSL (the Secure Sockets Layer), the significance of the PKI (Public Key Infrastructure), and digital identification, including passwords, digital signatures, and biometrics.
  • Web privacy and security for users--Learn the real risks to user privacy, including cookies, log files, identity theft, spam, web logs, and web bugs, and the most common risk, users' own willingness to provide e-commerce sites with personal information. Hostile mobile code in plug-ins, ActiveX controls, Java applets, and JavaScript, Flash, and Shockwave programs are also covered.
  • Web server security--Administrators and service providers discover how to secure their systems and web services. Topics include CGI, PHP, SSL certificates, law enforcement issues, and more.
  • Web content security--Zero in on web publishing issues for content providers, including intellectual property, copyright and trademark issues, P3P and privacy policies, digital payments, client-side digital signatures, code signing, pornography filtering and PICS, and other controls on web content.

Nearly double the size of the first edition, this completely updated volume is destined to be the definitive reference on Web security risks and the techniques and technologies you can use to protect your privacy, your organization, your system, and your network.


Editorial Reviews

About the Author

Simson Garfinkel, CISSP, is a journalist, entrepreneur, and international authority on computer security. Garfinkel is chief technology officer at Sandstorm Enterprises, a Boston-based firm that develops state-of-the-art computer security tools. Garfinkel is also a columnist for Technology Review Magazine and has written for more than 50 publications, including Computerworld, Forbes, and The New York Times. He is also the author of Database Nation; Web Security, Privacy, and Commerce; PGP: Pretty Good Privacy; and seven other books. Garfinkel earned a master's degree in journalism at Columbia University in 1988 and holds three undergraduate degrees from MIT. He is currently working on his doctorate at MIT's Laboratory for Computer Science.

Gene Spafford, Ph.D., CISSP, is an internationally renowned scientist and educator who has been working in information security, policy, cybercrime, and software engineering for nearly two decades. He is a professor at Purdue University and is the director of CERIAS, the world's premier multidisciplinary academic center for information security and assurance. Professor Spafford and his students have pioneered a number of technologies and concepts well-known in security today, including the COPS and Tripwire tools, two-stage firewalls, and vulnerability databases. Spaf, as he is widely known, has achieved numerous professional honors recognizing his teaching, his research, and his professional service. These include being named a fellow of the AAAS, the ACM, and the IEEE; receiving the National Computer Systems Security Award; receiving the William Hugh Murray Medal of the NCISSE; election to the ISSA Hall of Fame; and receiving the Charles Murphy Award at Purdue. He was named a CISSP, honoris causa in 2000. In addition to over 100 technical reports and articles on his research, Spaf is also the coauthor of Web Security, Privacy, and Commerce, and was the consulting editor for Computer Crime: A Crimefighters Handbook (both from O'Reilly).


Product Details

  • Paperback: 800 pages
  • Publisher: O'Reilly Media; Second Edition edition (January 15, 2002)
  • Language: English
  • ISBN-10: 0596000456
  • ISBN-13: 978-0596000455
  • Product Dimensions: 7 x 9.2 x 1.7 inches
  • Shipping Weight: 2.4 pounds
  • Average Customer Review: 4.0 out of 5 stars (7 customer reviews)
  • Amazon Best Sellers Rank: #550,665 in Books

Customer Reviews

7 Reviews

  • 5 star: (4)
  • 4 star: (0)
  • 3 star: (2)
  • 2 star: (1)
  • 1 star: (0)

Average Customer Review: 4.0 out of 5 stars (7 customer reviews)

Most Helpful Customer Reviews

14 of 16 people found the following review helpful:
5.0 out of 5 stars Great coverage on all aspects of infosec, March 19, 2002
This review is from: Web Security, Privacy and Commerce, 2nd Edition (Paperback)
Web Security, Privacy & Commerce, 2nd Edition
by Simson Garfinkel with Gene Spafford
O'Reilly & Associates 2002
ISBN: 0596000456

There are two basic reasons why a book comes out in a second edition: either the author needs the cash or the book needs to be updated. When the first edition of Web Security, Privacy & Commerce came out in 1997, it was titled Web Security & Commerce. Not only has the title changed, but Web security, privacy, and commerce have changed radically in the last five years.

The nature of the change and the pace at which it occurs is a large part of the difficulty within information security. Imagine a heart surgeon going on an extended vacation in 1997 and coming back in 2002. Although his surgical technique may be a bit rusty, there is no reason to think that he could not start practicing medicine again right away. However, if you were to take a contemporary information security professional from 1997 and place him in the 2002 workplace, he would be horribly outdated. Technologies that did not exist in 1997, or even 2000, are now ubiquitous, and technologies that were considered cutting edge only a few years ago are now archaic.

With that, the update to Web Security, Privacy & Commerce is indeed warranted and welcomed. A glance at the table of contents reveals coverage of nearly every core aspect within Web security. The book provides a comprehensive and impartial look at the technologies and approaches that both management and systems administrators can employ to ensure the security of their networks and systems. The author's impartiality is revealed in chapter 15, which describes several telephone scanner utilities; Garfinkel is the creator of one of the utilities, but makes sure to list the competition (and even has nice things to say about them).

Simson Garfinkel and Gene Spafford are veterans in the computer security world. Garfinkel is the author of several highly acclaimed books, and Spafford is a professor of computer science at Purdue University. Their succinct writing style allows them to cover a huge amount of information in a little over 700 pages.

The book is divided into four sections: Web technology, privacy and security for users, Web server security, and security for content providers. Part one goes into details about the security foundations of the networks and the Internet. Topics include SSL/TLS, PKI, digital signatures, and biometrics. These seven chapters give the reader a good overview of the essence of information security.

Part 2, "Privacy and Security for Users," is quite different from other security books. Whereas other books detail the problems with privacy on the Internet, this book does a good job of showing users various strategies for keeping their personal information private. Garfinkel shows how the real threats to personal privacy are not so much cookies and log files; rather, the end users' very own readiness to provide Web and e-commerce sites with their personal information.

Part 3, "Web Server Security," details how service providers and systems administrators can lock down and secure their systems. The authors provide details on topics such as host security, server access methods, and secure CGI/API programming.

Part 4, "Security for Content Providers," is quite interesting, as many content providers and ISPs forget that the onus of security and privacy to a large degree falls on them. This section includes details on how these providers can use various techniques, from filters to PICS and more, to ensure their users' privacy.

The fact that Web Security, Privacy & Commerce, 2nd Edition, is nearly twice the size of the first edition is indicative of the fact that security has changed radically since 1997. Whether you run a Web site or are concerned about security for your PC at home, Web Security, Privacy & Commerce is a must read.



12 of 14 people found the following review helpful:
5.0 out of 5 stars Outstanding: Clear and to the point, December 16, 2001
This review is from: Web Security, Privacy and Commerce, 2nd Edition (Paperback)
I work as a computer security analyst for a major consulting firm. Garfinkel's book is head and shoulders above anything else out there.

In particular, his handling of the tension between security policy and privacy policy is particularly well written.

I highly recommend this book to anyone that wants to develop a detailed understanding of the significant issues that affect doing business on the web.



16 of 20 people found the following review helpful:
2.0 out of 5 stars In a word, disappointing., May 14, 2002
By 
This review is from: Web Security, Privacy and Commerce, 2nd Edition (Paperback)
Apart from paid reviewers I can't see anyone with any actual knowledge of security rating this book 5 stars. It is not as clear and concise as it should be, and the technical knowledge is freely available at securityfocus.com and other sites. A better job could have been done with security and privacy policies.

More effort should have been put forth in providing common sense (implementable) solutions or best practices instead of re-hashing material that other books have already done a better job presenting.

I normally enjoy O'Reilly books but, like the first edition, this book is a disappointment.
