When it comes down to it, the process of protecting your e-commerce site from malicious hackers isn't too different from that of setting up defenses around any other kind of Internet site. The only characteristic that distinguishes an e-commerce site from other kinds of sites is its ability to take payment information from customers, which means there's one more way to attack the site. The scores of techniques that can bring down ordinary sites apply to e-commerce sites as well. This is why Hack Proofing Your E-Commerce Site doesn't so much distinguish itself from the collection of "defending against hackers" books already out there, as supplement those books' content with additional material that's specific to e-commerce. This book treats site defense generally, with extra material on encrypted services and payment-protection schemes.
The sections specifically about buying and selling on the Internet--they make up about a third of this book--appear to have been well researched, and go beyond the merely technical to comment on the legal aspects of attacking digital money transactions. You'll probably learn a lot from the authors' discussions of laws designed to protect the consumer from fraud on the Internet and the amount of trouble they can cause e-commerce businesses. Those sections, since they cover material that's not well explained elsewhere, carry this book on their own. --David Wall
Topics covered: General issues of Internet site defense--including modes of attack (with emphasis on distributed denial of service), secure design principles, security policies, and incident response--supplemented by issues specific to electronic commerce. E-commerce subjects include legal matters, the Secure Electronic Transactions (SET) protocol, and relations with credit-card issuers.
About the Author
Ryan Russell is the best-selling author of Hack Proofing Your Network: Internet Tradecraft (Syngress Publishing, ISBN: 1-928994-15-6). He is an Incident Analyst at SecurityFocus, has served as an expert witness on security topics, and has done internal security investigation for a major software vendor. Ryan has been working in the IT field for over 13 years, the last 7 of which have been spent primarily in information security. He has been an active participant in various security mailing lists, such as BugTraq, for years, and is frequently sought after as a speaker at security conferences. Ryan has contributed to four other Syngress Publishing titles on the topic of networking, and four on the topic of security. He holds a Bachelor of Science degree in Computer Science.
L. Brent Huston earned his Associate of Applied Science degree in Electronics at DeVry Technical Institute (Columbus, Ohio) in 1994. He has more than 10 years of experience in IT, mostly in the areas of cyber security testing, network monitoring, scanning protocols, firewalls, viruses and virus prevention formats, security patches, and hacker techniques. As President and CEO of his own information security company, MicroSolved, Inc., he and his staff have performed system and network security-consulting services for Fortune 500 companies and all levels of governmental facilities. He is well versed in the use and implementation of all the major security tools and appliances. In the past, Brent developed "Passys," a passive intrusion detection system for Unix, and has also identified previously unknown security vulnerabilities in Ascom routers and the Windows NT and Linux operating systems.
Brent is an accomplished computer and information security speaker and has published numerous white papers on security-related topics. Recently he was involved in the laboratory testing of major firewall appliances at his company's central Ohio facilities. This testing was to prove the worthiness of each appliance, as well as to find possible vulnerabilities that had not yet been established by their parent companies. He reported his results both to the individual product companies and at a national security industry presentation. Brent is also currently engaged with the Office of Independent Oversight and Performance Assurance in Columbus, Ohio. He was responsible for designing and implementing a state-of-the-art cyber security testing and research lab for this office, and several DOE national laboratories have utilized his expertise to perform network penetration and detection services. Such services have required a high security clearance from Brent. Brent is an Internet Security Systems Certified Engineer, Sidewinder Firewall Certified Administrator, IBM Secure Network Gateway Certified Administrator, and Phoenix Firewall Certified Administrator.