Web Security and Commerce [Paperback]

Simson Garfinkel, Gene Spafford Ph.D.
4.0 out of 5 stars (1 customer review)


There is a newer edition of this item:
Web Security, Privacy & Commerce, 4.0 out of 5 stars (5)

Product Description

From Amazon

Garfinkel and Spafford, longtime Net veterans, overturn a lot of misconceptions about online security in a commonsense book that is easily accessible to even nontechnical readers. They make it clear that any commercial Web site requires careful attention to security--even if the site doesn't carry any sensitive information. Furthermore, the authors show that there's a lot more to security than merely encrypting transmissions. Their goal is to lay the foundation for securing the three parts of a system: the Web server and its data; the information that travels between server and user; and the user's own computer and the information stored there.

Because of the rapidly evolving nature of Web security, Garfinkel and Spafford are not specific in terms of security flaws and tools to fix them. Instead, they emphasize laying out the Web-security principles that will be applicable throughout several generations of hardware and software change. In the process, they give extensive coverage to user safety, digital certificates, cryptography, Web-server security, and the larger issues of commerce and society. Appendix A shows the lessons of the book in action as it details Garfinkel's experience running and securing the Vineyard.net Internet service provider. --Elizabeth Lewis

Book Description

Attacks on government Web sites, break-ins at Internet service providers, electronic credit card fraud, invasion of personal privacy by merchants as well as hackers--is this what the World Wide Web is really all about?

Web Security & Commerce cuts through the hype and the front page stories. It tells you what the real risks are and explains how you can minimize them. Whether you're a casual (but concerned) Web surfer or a system administrator responsible for the security of a critical Web server, this book will tell you what you need to know. Entertaining as well as illuminating, it looks behind the headlines at the technologies, risks, and benefits of the Web. Whatever browser or server you are using, you and your system will benefit from this book.

Topics include:

  • User safety--browser vulnerabilities (with an emphasis on Netscape Navigator and Microsoft Internet Explorer), privacy concerns, issues with Java, JavaScript, ActiveX, and plug-ins.
  • Digital certificates--what they are, how they assure identity in a networked environment, how certification authorities and server certificates work, and what code signing is all about.
  • Cryptography--an overview of how encryption works on the Internet and how different algorithms and programs are being used today.
  • Web server security--detailed technical information about SSL (Secure Socket Layer), TLS (Transport Layer Security), host security, server access methods, and secure CGI/API programming.
  • Commerce and society--how digital payments work, what blocking software and censorship technology (e.g., PICS and RSACi) is about, and what civil and criminal issues you need to understand.

Customer Reviews

1 Review
5 star: (0)
4 star: (1)
3 star: (0)
2 star: (0)
1 star: (0)
Most helpful customer reviews

4.0 out of 5 stars Web Security, Privacy & Commerce, Mar 6 2003
By 
This review is from: Web Security and Commerce (Paperback)
The Internet is an unsecured communication system; it was not designed to be inherently secure. A simple act of browsing a Web page on a remote computer can involve sending packets of information to and receiving them from more than a dozen different computers operated by just as many different organizations.
The division of responsibility among multiple organizations makes it possible for each of these organizations and more to eavesdrop on your communication or even to disrupt them. There is no privacy once you visit a Website because Internet Explorer stores cookies in a folder in the history directory. These cookies can be very powerful; anyone who can gain access to your cookies can learn information about you.
In today's World Wide Web environment, you must stay abreast of newly discovered vulnerabilities if you wish to maintain a secure computer that is connected to the Internet. The day has long passed when security vulnerabilities were kept quiet. These days vulnerabilities are usually publicized with breathtaking speed once they are discovered. What's more, once a vulnerability is known, exploits are quickly developed and distributed across the Internet. In many cases system administrators only have a few hours between the time that a vulnerability is first publicized and the time when they will start to be attacked with it. Also, some flaws exploit protocols you need to allow through your firewall. Despite all the new vulnerabilities being created and discovered, the underlying concepts of web security have changed very little, and as such this book concentrated on teaching concepts and principles rather than specific commands and keystrokes; it's done a good job of it.
FIREWALLS are thought to improve computer security because they can exercise precise control over what information is passed between two networks. Firewalls do nothing to protect against insider misuse, viruses or other internal problems. They only provide the illusion of better security.
A good computing infrastructure will continue to function in the face of adversity, be it man-made or natural disaster. Building a secure computing environment requires careful planning and continued vigilance. There is no substitute for vigilance.
A secure server is not a server that implements cryptographic protocols so that data transfer cannot be eavesdropped upon or a Web server that will safeguard any personal information received or collected, not subverting browsers to download viruses or other rogue programs onto user computers.
Simson Garfinkel and Gene Spafford conclude that a Secure Web Server is one that is resistant to a determined attack over the Internet or from a corporate insider.
Generally accepted principles in computer security consist of recommendations, procedures and policies that are known as Best Practices.
But even the Best Practices have their own problems. The biggest problem is that there is really no one set of best practices that is applicable to all websites and Web users; the authors of this book recommend a combination of Risk Analysis and Best Practices.
Unfortunately Simson Garfinkel knows that the application of risk analysis to the field of computer networks has been less successful.
It is impossible to calculate the risk that an attacker will be able to obtain System Administrator privileges on your Web Server?
I have never seen a book packed with so much information on Web security as this book. I will recommend it to anyone who wants to have a good foundation in Web security; the understanding that I have gained reading this book is unbelievable.
This book is about Web Security, privacy and commerce the World Wide Web.
Organized into five parts it examines the security policies in use on the Web today and the strategies available to minimize the risk in using the World Wide Web.
Part 1. WEB TECHNOLOGY: Examines the underlying technology that makes up today's World Wide Web and how the Internet works in general.
The Architecture of the World Wide Web, Cryptography basics, What Cryptography can't do, Legal Restrictions on Cryptography, Understanding Secure Sockets Layer (SSL) and Transport Layer Security (TLS), What does SSL/TLS Really Protect: actually it does little to protect against the real attacks that consumers and the merchants have experienced on the Internet. Digital Identification: Passwords, Biometrics, Digital Signatures, Digital Certificates, CAs, and Public Key Infrastructure (PKI).
Part 2. Privacy and Security for Users:
Understanding Cookies, Privacy Protecting Techniques, Choosing a Good Service Provider, Avoiding Spam and Junk Email, Identity Theft, Privacy-Protecting Techniques, Blocking Ads and Crushing Cookies, Backups and Antitheft, Mobile Code Plug-Ins, ActiveX, and Visual Basic, The Risk of Downloaded Code, Java, JavaScript, Flash, and Shockwave.
Part 3. Web Server Security:
Physical Security for Servers, Protecting Computer Hardware, Protecting Your Data, Host Security for Servers, Secure Remote Access and Content Updating, Firewalls and the Web, Securing Web Applications, Deploying SSL Server Certificates, When things go Wrong, Securing Your Web Service, Protecting Your DNS, Computer Crime, Your Legal Options After Break-In.
Part 3. Security For Content Providers:
Controlling Access To Your Web Content, Access Control Strategies, Client-Side Digital Certificates, Code signing and Microsoft's Authenticode, Why Code Signing, Pornography, Filtering Software and Censorship, Privacy Policies, Legislation, and P3P, Children Online Privacy Protection Act, Digital Payments, Internet-Based Payment Systems, How to Evaluate Credit Card Payment System, Intellectual Property and Actionable Content, Copyright, Patent, Trademarks.
Part 5. Appendixes: Lessons From Vineyard.NET, the Platform for Privacy Preferences Projects.
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com: 4.4 out of 5 stars (10 customer reviews)

25 of 25 people found the following review helpful
4.0 out of 5 stars Definitive Guide for Internet Security, Feb 7 2000
By Travis M. Owens - Published on Amazon.com
This review is from: Web Security and Commerce (Paperback)
This book not only explains system security, it goes into technical detail, something that 95% of books always lack. I shouldn't have to say this book is good, it's from O'Reilly. It covers PGP and how it works (not just what it is), SSL, TLS, login security, CGI security (they give actual code examples not ideals), hardware-based security with things like smart cards. There is also a chapter that explains what to do after you have been broken into and explains your legal routes of action also. I also liked the fact that there is a chapter that explains the author's route of actions while working at an ISP. This book is a good buy if you need to learn about security and e-commerce and all the options you have relating to security. I've read a lot of books, and it's rare to find a book that explains things and also gives technical details. I know I'm not the only person who is sick of seeing every book being written for people who have never used a computer before and do not give code examples and real world implementation. The only bad thing I have to say about this book is that there isn't a chapter that explains creating your own encryption method for Perl/C/PHP/ASP or the math behind it, but the material they do have does a good job of getting you very near this subject.

7 of 7 people found the following review helpful
4.0 out of 5 stars A good overview, but aging, Jan 15 2001
By A Customer - Published on Amazon.com
This review is from: Web Security and Commerce (Paperback)
I spent quite a bit of time going through this book. It's not a bad book. Very comprehensive and thorough, and generally a pretty well balanced point of view. It acknowledges security is a trade off, and looks at many different options.

I have 2 main problems with it. Firstly, it's simply getting a little old. While 85% of it is still relevant, I'd like to see a second edition. They spend too much time talking about Netscape 3 problems for my liking.

Second is the reason it lost a star. The guys who wrote this obviously know their stuff, but in some ways know it a little too well. The result of this is when they go to explain a subject (public key infrastructure for example) they have a tendency to jump straight into the details, implementation issues, problems, etc, without ever giving you a big picture of it first - or only very briefly if they do. If you understand the basic principles of all security concepts, then this is great, but if like me, you bought this book to learn about fundamentals, I found myself on several occasions doing research on the web to understand the big picture before going back to the book.

But for a good overview for people who are at least semi-technical, it's not bad.


8 of 10 people found the following review helpful
5.0 out of 5 stars Right on the mark!, April 14 2000
By Geoffrey Brown - Published on Amazon.com
This review is from: Web Security and Commerce (Paperback)
Having spent a dozen years in what used to be called EDP security, but not having concentrated in the area recently, I found that the book was perfect. It avoids belaboring what is now obvious to everyone, and succeeds in covering the whole spectrum of web security issues in a single volume. It is hard to write about the history of monetized plastic (credit, debit, and smart cards) without either going into great detail or sounding like there is a great new world dawning, but Garfinkel and Spafford tread that narrow line. Similarly, the nuances of PKI very quickly can dominate anything written about it, and the authors succeed in avoiding this trap. It was interesting to see that the authors basically dealt with Denial of Service attacks a couple of years before the "famous" DOS attacks on Yahoo and E-Trade. In short, reading the book won't make you a web security maven, but it most likely will prompt you to ask the right questions about the subject, and can certainly make you sound like one! Super book!