Web Security and Commerce (Nutshell Handbooks) 1st Edition

by Simson Garfinkel (Author), Gene Spafford (Author)

4 ratings

ISBN-13: 978-1565922693

ISBN-10: 1565922697

Why is ISBN important?

Paperback

$5.97 - $45.98

Other Sellers

from

Other Sellers

See all 2 versions

Used: Very Good | Details

Sold by Better World Books: North

Access codes and supplements are not guaranteed with used items.

FREE delivery April 20 - 25. Details

Only 1 left in stock - order soon.

Sold by ExpressWizard and Fulfilled by Amazon.

Available at a lower price from other sellers that may not offer free Prime shipping.

FREE delivery Saturday, April 23

Or fastest delivery Thursday, April 21. Order within 6 hrs 34 mins

Available at a lower price from other sellers that may not offer free Prime shipping.

There is a newer edition of this item:

Web Security, Privacy and Commerce, 2nd Edition
$49.99
(12)
In Stock.

Attacks on government Web sites, break-ins at Internet service providers, electronic credit card fraud, invasion of personal privacy by merchants as well as hackers--is this what the World Wide Web is really all about?Web Security & Commerce cuts through the hype and the front page stories. It tells you what the real risks are and explains how you can minimize them. Whether you're a casual (but concerned) Web surfer or a system administrator responsible for the security of a critical Web server, this book will tell you what you need to know. Entertaining as well as illuminating, it looks behind the headlines at the technologies, risks, and benefits of the Web. Whatever browser or server you are using, you and your system will benefit from this book.Topics include:

User safety--browser vulnerabilities (with an emphasis on Netscape Navigator and Microsoft Internet Explorer), privacy concerns, issues with Java, JavaScript, ActiveX, and plug-ins.
Digital certificates--what they are, how they assure identity in a networked environment, how certification authorities and server certificates work, and what code signing all about.
Cryptography--an overview of how encryption works on the Internet and how different algorithms and programs are being used today.
Web server security--detailed technical information about SSL (Secure Socket Layer), TLS (Transport Layer Security), host security, server access methods, and secure CGI/API programming.
Commerce and society--how digital payments work, what blocking software and censorship technology (e.g., PICS and RSACi) is about, and what civil and criminal issues you need to understand.

Amazon.com Review

Garfinkel and Spafford, longtime Net veterans, overturn a lot of misconceptions about online security in a commonsense book that is easily accessible to even nontechnical readers. They make it clear that any commercial Web site requires careful attention to security-even if the site doesn't carry any sensitive information. Furthermore, the authors show that there's a lot more to security than merely encrypting transmissions. Their goal is to lay the foundation for securing the three parts of a system: the Web server and its data; the information that travels between server and user; and the user's own computer and the information stored there.

Because of the rapidly evolving nature of Web security, Garfinkel and Spafford are not specific in terms of security flaws and tools to fix them. Instead, they emphasize laying out the Web-security principles that will be applicable throughout several generations of hardware and software change. In the process, they give extensive coverage to user safety, digital certificates, cryptography, Web-server security, and the larger issues of commerce and society. Appendix A shows the lessons of the book in action as it details Garfinkel's experience running and securing the Vineyard.net Internet service provider. --Elizabeth Lewis

From the Publisher

The World Wide Web is the fastest growing part of the Internet -- and the part that is the most vulnerable to attack. There are a number of reasons: Commerce: The Internet is becoming increasingly commercialized; browsers are being used to look at material available for purchase, and people are sending credit card information via the Web. This sensitive financial information is an attractive target for attackers. Proprietary information: Organizations are using the Web more and more to distribute information both internally and externally. This information is also a tempting target for economic competitors. Network access: Web servers are an ideal target since a compromised web server can be used to further attack networked computers within an organization. Extensibility: New technologies allow both servers (CGI) and browsers (Java and ActiveX) to be extended. Unfortunately, web extensibility can become a backdoor for attackers. Too many organizations are rushing headlong into using the Web without considering the potential for attack and compromise. Web Security & Commerce looks at the vulnerabilities of WWW servers, browsers, and a variety of new technologies that increase the power and scope of the Web, but which unfortunately may also put it at risk. This book examines the technologies and the risks, and it describes the best available strategies for minimizing those risks. Topics include basic web, host, and site security, CGI/API programming, cryptography, the Secure Socket Layer (SSL), digital IDs, web servers (e.g., Apache-SSL, Netscape), Java, JavaScript, ActiveX, code signing, electronic commerce, and legal issues. A detailed table of contents follows: Preface The Web: Promises and Threats This book Acknowledgements I:Web Security Basics 1:Introduction Web Security in a Nutshell The Web Security Problem Credit-Cards, Encryption and Netscape Firewalls: Who Needs Them? Web Security is not "All or nothing." 2:Controlling Access to Web-Based Information Controlling Access to Files on Your Server Website Users Host Users 3:Host And Site Security Common Problems Minimizing Web Server Risk Host Security Site Security 4:Secure CGI/API Programming The Danger of Extensibility. A Common Problem Rules To Code By Specific Rules for Specific Programming Languages Tips on Writing SUID/SGID CGI Scripts Tips on Using Passwords Environment Variables II:Enhanced Web Security 5:Cryptography Basics Understanding Cryptography Cryptographic Algorithms and Functions Key Length and Cryptographic Strength Key Escrow Legal Restrictions on Cryptography 6:Cryptography and the Web Encryption and Web Security Working Cryptosystems 7:Understanding SSL Overview The SSL v3.0 Protocol Support for SSL SSL: The User's Point of View 8:Digital IDs Identity Cards for Cyberspace Public Key Infrastructure Using Digital IDs Digital IDs and the Web 9:Apache-SSL Apache-SSL SSLeay 10:Netscape WWW Servers 11:WebSite Pro 12:WebStar: A Secure Macintosh Web Server 13:Java Browser History: An Evolution of Risk Java Security JavaScript Security Plug-ins and ActiveX Code Signing Implementation Flaws III:Browsers and Beyond 14:JavaScript 15:ActiveX: 16:Code Signing IV:Commerce and Society 17:Parental Controls 18:Getting Paid Credit Cards Digital Cash How to Evaluate a Payment System 19:Legal Issues Intellectual Property Torts Criminal Subject Matter

About the Author

Simson Garfinkel, CISSP, is a journalist, entrepreneur, and international authority on computer security. Garfinkel is chief technology officer at Sandstorm Enterprises, a Boston-based firm that develops state-of-the-art computer security tools. Garfinkel is also a columnist for Technology Review Magazine and has written for more than 50 publications, including Computerworld, Forbes, and The New York Times. He is also the author of Database Nation; Web Security, Privacy, and Commerce; PGP: Pretty Good Privacy; and seven other books. Garfinkel earned a master's degree in journalism at Columbia University in 1988 and holds three undergraduate degrees from MIT. He is currently working on his doctorate at MIT's Laboratory for Computer Science.

Gene Spafford, Ph.D., CISSP, is an internationally renowned scientist and educator who has been working in information security, policy, cybercrime, and software engineering for nearly two decades. He is a professor at Purdue University and is the director of CERIAS, the world's premier multidisciplinary academic center for information security and assurance. Professor Spafford and his students have pioneered a number of technologies and concepts well-known in security today, including the COPS and Tripwire tools, two-stage firewalls, and vulnerability databases. Spaf, as he is widely known, has achieved numerous professional honors recognizing his teaching, his research, and his professional service. These include being named a fellow of the AAAS, the ACM, and the IEEE; receiving the National Computer Systems Security Award; receiving the William Hugh Murray Medal of the NCISSE; election to the ISSA Hall of Fame; and receiving the Charles Murphy Award at Purdue. He was named a CISSP, honoris causa in 2000. In addition to over 100 technical reports and articles on his research, Spaf is also the coauthor of Web Security, Privacy, and Commerce, and was the consulting editor for Computer Crime: A Crimefighters Handbook (both from O'Reilly).

Publisher ‏ : ‎ O'Reilly Media; 1st edition (June 11, 1997)
Language ‏ : ‎ English
Paperback ‏ : ‎ 506 pages
ISBN-10 ‏ : ‎ 1565922697
ISBN-13 ‏ : ‎ 978-1565922693
Item Weight ‏ : ‎ 1.76 pounds
Dimensions ‏ : ‎ 7 x 1.15 x 9.19 inches

Customer Reviews:
4 ratings

Customer reviews

5 star		50%
4 star		50%
3 star 0% (0%)		0%
2 star 0% (0%)		0%
1 star 0% (0%)		0%

How are ratings calculated?

Top reviews from the United States

There was a problem filtering reviews right now. Please try again later.

Linda Zarate

Valuable to Technical & Non-Technical Readers

Reviewed in the United States on March 14, 2001

This book is an ideal introduction to the broad landscape of security methods and technologies for non-technical users. It is also an excellent resource for IT professionals who need to quickly get up-to-speed on web security.
My background is mostly "big iron", consisting of 24 years of mainframe and mid-range experience and a little more than a year in distributed computing (UNIX/Linux, network, etc.). In the good old days security consisted of RACF, ACLs, and some common sense rules about physical and logical access controls. Not so today, and until I read this book I had a nagging feeling that there was a large gap in my professional knowledge. Moreover, as a home user who spent a lot of time on the web I would get frustrated by messages issued by my browser about certificates. This book came to my rescue on all counts.
The first two sections, The Web Security Landscape and User Safety, were illuminating. If a non-technical user only read these parts of the book he or she would come away with a good understanding of the risks faced on the web, and how to mitigate or eliminate them. The one complaint I have about these two sections is the material is woefully out of date. I subtracted a star from my rating for this reason.
The next three sections of the book is a wide survey of security technologies that cover digital certificates, cryptography, web server security. These provided me with a basic understanding of technologies that I need to know as an IT professional working in distributed environments. When comparing what I needed to know about security in the mainframe world to what I need to know as an IT consultant I could not help thinking, "We're not in Kansas anymore!" The material was clear and easy to understand and built my personal self-confidence. This part of the book will not make you an expert by any means, but you will come away with a good grasp of the elements of web security and a very basic understanding of how everything works and fits together.
Commerce and Society is the title of the book's last section and contains thought-provoking information on topics such as digital payments, censorship technology and the such. I especially liked the two chapters that addressed civil and criminal legal issues. Despite the fact that this book is out of date with respect to specific products it is a great introduction to web security. Unlike other O'Reilly books that are deeply technical, this one can be easily understood by home and business users as well as IT professionals. I personally gained a lot from the book and highly recommend it.

5 people found this helpful

Helpful

Geoffrey B.

Right on the mark!

Reviewed in the United States on April 14, 2000

Having spent a dozen years in what used to be called EDP security, but not having concentrated in the area recently, I found that the book was perfect. It avoids belaboring what is now obvious to everyone, and succeeds in covering the whole spectrum of web security issues in a single volume. It is hard to write about the history of monetized plastic (credit, debit, and smart cards) without either going into great detail or sounding like there is a great new world dawning, but Garfinkel and Spafford tread that narrow line. Similarly, the nuances of PKI very quickly can dominate anything written about it, and the authors succeed in avoiding this trap. It was interesting to see that the authors basically dealt with Denial of Service attacks a couple of years before the "famous" DOS attacks on Yahoo and E-Trade. In short, reading the book won't make you a web security maven, but it most likely will prompt you to ask the right questions about the subject, and can certainly make you sound like one! Super book!

8 people found this helpful

Helpful

Ronald K. Olson

Used as text for course in Net Security and Legal Issues

Reviewed in the United States on November 15, 2000

This book, together with Virtual Private Networks, 2ND Edition, (ISBN: 1-56592-529-7) O'Reilly & Associates, Copyright 1998, form the basis for the course MIS4245 - Net Security and Legal Issues - at Northeastern University (University College, evening division) here in Boston.
Since I am currently teaching this course for the very first time I have found it to be well-targeted for the Business Administration undergraduate level students. The prose is pleasant and often entertaining, with the technical information provided with just the right balance of detail and concept, reinforced with recent related anectdotal examples.
While it could stand some some "updating" - (technology is moving at blinding speed in this area) - the authors' basic messages of why security is important, typical techniques employed by the "bad guys", and the emphasis on protection and prevention versus reaction and recovery all strike true, loud and clear.
In my regular day job, as someone involved in the field of Software Quality Assurance for web-based applications, I ordered everyone on my staff a copy for their personal use. At the Amazon price, it is a bargain!

4 people found this helpful

Helpful