Preface
Part I. Web Technology
1. The Web Security Landscape
The Web Security Problem
Risk Analysis and Best Practices
2. The Architecture of the World Wide Web
History and Terminology
A Packet's Tour of the Web
Who Owns the Internet?
3. Cryptography Basic
Understanding Cryptography
Symmetric Key Algorithms
Public Key Algorithms
Message Digest Functions
4. Cryptography and the Web
Cryptography and Web Security
Working Cryptographic Systems and Protocols
What Cryptography Can't Do
Legal Restrictions on Cryptography
5. Understanding SSL and TLS
What Is SSL?
SSL: The User's Point of View
6. Digital Identification 1: Passwords, Biometrics, and Digital Signatures
Physical Identification
Using Public Keys for Identification
Real-World Public Key Examples
7. Digital Identification 11: Digital Certificates, CAs, and PKI
Understanding Digital Certificates with PGP
Certification Authorities: Third-Party Registrars
Public Key Infrastructure
Open Policy Issues
Part II. Privacy and Security for Users
8. The Web's War on Your Privacy
Understanding Privacy
User-Provided Information
Log Files
Understanding Cookies
Web Bugs
Conclusion
9. Privacy-Protecting Techniques
Choosing a Good Service Provider
Picking a Great Password
Cleaning Up After Yourself
Avoiding Spam and Junk Email
Identity Theft
10. Privacy-Protecting Technologies
Blocking Ads and Crushing Cookies
Anonymous Browsing
Secure Email
11. Backups and Antitheft
Using Backups to Protect Your Data
Preventing Theft
12. Mobile Code I: Plug-Ins, ActiveX, and Visual Basic
When Good Browsers Go Bad
Helper Applications and Plug-ins
Microsoft's ActiveX
The Risks of Downloaded Code
Conclusion
13. Mobile Code II: Java, JavaScript, flash, and Shockwave
Java
JavaScript
Flash and Shockwave
Conclusion
Part III. Web Server Security
14. Physical Security for Servers
Planning for the Forgotten Threats
Protecting Computer Hardware
Protecting Your Data
Personnel
Story: A Failed Site Inspection
15. Host Security for Servers
Current Host Security Problems
Securing the Host Computer
Minimizing Risk by Minimizing Services
Operating Securely
Secure Remote Access and Content Updating
Firewalls and the Web
Conclusion
16. Securing Web Applications
A Legacy of Extensibility and Risk
Rules to Code By
Securely Using Fields, Hidden Fields, and Cookies
Rules for Programming Languages
Using PHP Securely
Writing Scripts That Run with Additional Privileges
Connecting to Databases
Conclusion
17. Deploying SSL Server Certificates
Planning for Your SSL Server
Creating SSL Servers with FreeBSD
Installing an SSL Certificate on Microsoft IIS
Obtaining a Certificate from a Commercial CA
When Things Go Wrong
18. Securing Your Web Service
Protecting Via Redundancy
Protecting Your DNS
Protecting Your Domain Registration
19. Computer Crime
Your Legal Options After a Break-In
Criminal Hazards
Criminal Subject Matter
Part IV. Security for Content Providers
20. Controlling Access to Your Web Content
Access Control Strategies
Controlling Access with Apache
Controlling Access with Microsoft IIS
21. Client-Side Digital Certificates
Client Certificates
A Tour of the VeriSign Digital ID Center
22. Code Signing and Microsoft's Authenticode
Why Code Signing?
Microsoft's Authenticode Technology
Obtaining a Software Publishing Certificate
Other Code Signing Methods
23. Pornography, Filtering Software, and Censorship
Pornography Filtering
PICS
RSACi
Conclusion
24. Privacy Policies, Legislation, and P3P
Policies That Protect Privacy and Privacy Policies
Children's Online Privacy Protection Act
P3P
Conclusion
25. Digital Payments
Charga-Plates, Diners Club, and Credit Cards
Internet-Based Payment Systems
How to Evaluate a Credit Card Payment System
26. Intellectual Property and Actionable Content
Copyright
Patents
Trademarks
Actionable Content
Part V. Appendixes
A. Lessons from Vineyard.NET
B. The SSL/ TLS Protocol
C. P3P: The Platform for Privacy Preferences Project
D. The PICS Specification
E. References
Index
鄂公网安备 42010302001612号 