Web Security, Privacy, and Commerce - Brossura

Preface; Web Security: Is Our Luck Running Out?; About This Book; Conventions Used in This Book; Comments and Questions; History and Acknowledgments; Web Technology; Chapter 1: The Web Security Landscape; 1.1 The Web Security Problem; 1.2 Risk Analysis and Best Practices; Chapter 2: The Architecture of the World Wide Web; 2.1 History and Terminology; 2.2 A Packet’s Tour of the Web; 2.3 Who Owns the Internet?; Chapter 3: Cryptography Basics; 3.1 Understanding Cryptography; 3.2 Symmetric Key Algorithms; 3.3 Public Key Algorithms; 3.4 Message Digest Functions; Chapter 4: Cryptography and the Web; 4.1 Cryptography and Web Security; 4.2 Working Cryptographic Systems and Protocols; 4.3 What Cryptography Can’t Do; 4.4 Legal Restrictions on Cryptography; Chapter 5: Understanding SSL and TLS; 5.1 What Is SSL?; 5.2 SSL: The User’s Point of View; Chapter 6: Digital Identification I: Passwords, Biometrics, and Digital Signatures; 6.1 Physical Identification; 6.2 Using Public Keys for Identification; 6.3 Real-World Public Key Examples; Chapter 7: Digital Identification II: Digital Certificates, CAs, and PKI; 7.1 Understanding Digital Certificates with PGP; 7.2 Certification Authorities: Third-Party Registrars; 7.3 Public Key Infrastructure; 7.4 Open Policy Issues; Privacy and Security for Users; Chapter 8: The Web’s War on Your Privacy; 8.1 Understanding Privacy; 8.2 User-Provided Information; 8.3 Log Files; 8.4 Understanding Cookies; 8.5 Web Bugs; 8.6 Conclusion; Chapter 9: Privacy-Protecting Techniques; 9.1 Choosing a Good Service Provider; 9.2 Picking a Great Password; 9.3 Cleaning Up After Yourself; 9.4 Avoiding Spam and Junk Email; 9.5 Identity Theft; Chapter 10: Privacy-Protecting Technologies; 10.1 Blocking Ads and Crushing Cookies; 10.2 Anonymous Browsing; 10.3 Secure Email; Chapter 11: Backups and Antitheft; 11.1 Using Backups to Protect Your Data; 11.2 Preventing Theft; Chapter 12: Mobile Code I: Plug-Ins, ActiveX,and Visual Basic; 12.1 When Good Browsers Go Bad; 12.2 Helper Applications and Plug-ins; 12.3 Microsoft’s ActiveX; 12.4 The Risks of Downloaded Code; 12.5 Conclusion; Chapter 13: Mobile Code II: Java, JavaScript, Flash, and Shockwave; 13.1 Java; 13.2 JavaScript; 13.3 Flash and Shockwave; 13.4 Conclusion; Web Server Security; Chapter 14: Physical Security for Servers; 14.1 Planning for the Forgotten Threats; 14.2 Protecting Computer Hardware; 14.3 Protecting Your Data; 14.4 Personnel; 14.5 Story: A Failed Site Inspection; Chapter 15: Host Security for Servers; 15.1 Current Host Security Problems; 15.2 Securing the Host Computer; 15.3 Minimizing Risk by Minimizing Services; 15.4 Operating Securely; 15.5 Secure Remote Access and Content Updating; 15.6 Firewalls and the Web; 15.7 Conclusion; Chapter 16: Securing Web Applications; 16.1 A Legacy of Extensibility and Risk; 16.2 Rules to Code By; 16.3 Securely Using Fields, Hidden Fields, and Cookies; 16.4 Rules for Programming Languages; 16.5 Using PHP Securely; 16.6 Writing Scripts That Run with Additional Privileges; 16.7 Connecting to Databases; 16.8 Conclusion; Chapter 17: Deploying SSL Server Certificates; 17.1 Planning for Your SSL Server; 17.2 Creating SSL Servers with FreeBSD; 17.3 Installing an SSL Certificate on Microsoft IIS; 17.4 Obtaining a Certificate from a Commercial CA; 17.5 When Things Go Wrong; Chapter 18: Securing Your Web Service; 18.1 Protecting Via Redundancy; 18.2 Protecting Your DNS; 18.3 Protecting Your Domain Registration; Chapter 19: Computer Crime; 19.1 Your Legal Options After a Break-In; 19.2 Criminal Hazards; 19.3 Criminal Subject Matter; Security for Content Providers; Chapter 20: Controlling Access to Your Web Content; 20.1 Access Control Strategies; 20.2 Controlling Access with Apache; 20.3 Controlling Access with Microsoft IIS; Chapter 21: Client-Side Digital Certificates; 21.1 Client Certificates; 21.2 A Tour of the VeriSign Digital ID Center; Chapter 22: Code Signing and Microsoft’s Authenticode; 22.1 Why Code Signing?; 22.2 Microsoft’s Authenticode Technology; 22.3 Obtaining a Software Publishing Certificate; 22.4 Other Code Signing Methods; Chapter 23: Pornography, Filtering Software, and Censorship; 23.1 Pornography Filtering; 23.2 PICS; 23.3 RSACi; 23.4 Conclusion; Chapter 24: Privacy Policies, Legislation, and P3P; 24.1 Policies That Protect Privacy and Privacy Policies; 24.2 Children’s Online Privacy Protection Act; 24.3 P3P; 24.4 Conclusion; Chapter 25: Digital Payments; 25.1 Charga-Plates, Diners Club, and Credit Cards; 25.2 Internet-Based Payment Systems; 25.3 How to Evaluate a Credit Card Payment System; Chapter 26: Intellectual Property and Actionable Content; 26.1 Copyright; 26.2 Patents; 26.3 Trademarks; 26.4 Actionable Content; Appendixes; Lessons from Vineyard.NET; In the Beginning; Planning and Preparation; IP Connectivity; Commercial Start-Up; Ongoing Operations; Redundancy and Wireless; The Big Cash-Out; Conclusion; The SSL/TLS Protocol; History; TLS Record Layer; SSL/TLS Protocols; SSL 3.0/TLS Handshake; P3P: The Platform for Privacy Preferences Project; How P3P Works; Deploying P3P; Simple P3P-Enabled Web Site Example; The PICS Specification; Rating Services; PICS Labels; References; Electronic References; Paper References; Colophon;