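Book Details
Web Security and E-Commerce (Reprint Edition, 2nd Edition)
Authors: Simson Garfinkel, Gene Spafford
Publisher: Tsinghua University Press
Publication date: 2002-11-01
ISBN: 9787302059516
List price: ¥119.00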
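Synopsis
Since the first edition of this classic was published, use of the World Wide Web has spread rapidly, and e-commerce has become part of people's daily work and life. The Web's growth has also brought threats to our security and personal privacy, ranging from credit card fraud to merchants' intrusions on personal privacy, and from defacement of Web sites to attacks that take popular sites down entirely. This book examines the major security problems faced today. It is nearly twice the length of the first edition, with the material thoroughly updated, and it aims to be the authoritative reference on Web security. Readers can use the techniques and tips presented in the book to protect their personal privacy, companies, systems, and networks. Topics covered include:
· Web technology: cryptography, Secure Sockets Layer (SSL), Public Key Infrastructure (PKI), passwords, digital signatures, and biometrics.
· Web privacy and security for users: cookies, log files, spam, Web logs, personal credit information, identity theft, and hostile active code in plug-ins, ActiveX controls, Java applets, and JavaScript, Flash, and Shockwave programs.
· Web server security for administrators and content providers: CGI, PHP, SSL certificates, P3P and privacy policies, digital payments, client-side signatures, code signing, pornography filtering, PICS, intellectual property, and legal issues.
"As the security threats facing the Internet grow more serious and the solutions more complex, people often abandon basic security principles in order to deal with surface-level security problems. This book offers an outstanding study of the fundamental issues of security and personal privacy in modern computing environments. Its content is pertinent and practical and its narrative easy and fluent; it will even impress experts in the field! I strongly recommend this book to both beginners and experienced people involved in security work. It also deserves repeated reading by teachers and authors in the field."
- Gene Kim (CTO, Tripwire)
"This book should be read carefully by everyone who runs a Web site. It presents the theory you need to make informed decisions, along with many practical examples closely tied to that theory. Even if you already have years of experience running Web sites, you will benefit greatly from this book."
- Reuven Lerner (Web/database consultant, Linux Journal columnist)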
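About the Authors
No author biography is currently available for Web Security and E-Commerce (Reprint Edition, 2nd Edition).
Table of Contents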
Preface
Part I. Web Technology
1. The Web Security Landscape
The Web Security Problem
Risk Analysis and Best Practices
2. The Architecture of the World Wide Web
History and Terminology
A Packet's Tour of the Web
Who Owns the Internet?
3. Cryptography Basics
Understanding Cryptography
Symmetric Key Algorithms
Public Key Algorithms
Message Digest Functions
4. Cryptography and the Web
Cryptography and Web Security
Working Cryptographic Systems and Protocols
What Cryptography Can't Do
Legal Restrictions on Cryptography
5. Understanding SSL and TLS
What Is SSL?
SSL: The User's Point of View
6. Digital Identification I: Passwords, Biometrics, and Digital Signatures
Physical Identification
Using Public Keys for Identification
Real-World Public Key Examples
7. Digital Identification II: Digital Certificates, CAs, and PKI
Understanding Digital Certificates with PGP
Certification Authorities: Third-Party Registrars
Public Key Infrastructure
Open Policy Issues
Part II. Privacy and Security for Users
8. The Web's War on Your Privacy
Understanding Privacy
User-Provided Information
Log Files
Understanding Cookies
Web Bugs
Conclusion
9. Privacy-Protecting Techniques
Choosing a Good Service Provider
Picking a Great Password
Cleaning Up After Yourself
Avoiding Spam and Junk Email
Identity Theft
10. Privacy-Protecting Technologies
Blocking Ads and Crushing Cookies
Anonymous Browsing
Secure Email
11. Backups and Antitheft
Using Backups to Protect Your Data
Preventing Theft
12. Mobile Code I: Plug-Ins, ActiveX, and Visual Basic
When Good Browsers Go Bad
Helper Applications and Plug-ins
Microsoft's ActiveX
The Risks of Downloaded Code
Conclusion
13. Mobile Code II: Java, JavaScript, Flash, and Shockwave
Java
JavaScript
Flash and Shockwave
Conclusion
Part III. Web Server Security
14. Physical Security for Servers
Planning for the Forgotten Threats
Protecting Computer Hardware
Protecting Your Data
Personnel
Story: A Failed Site Inspection
15. Host Security for Servers
Current Host Security Problems
Securing the Host Computer
Minimizing Risk by Minimizing Services
Operating Securely
Secure Remote Access and Content Updating
Firewalls and the Web
Conclusion
16. Securing Web Applications
A Legacy of Extensibility and Risk
Rules to Code By
Securely Using Fields, Hidden Fields, and Cookies
Rules for Programming Languages
Using PHP Securely
Writing Scripts That Run with Additional Privileges
Connecting to Databases
Conclusion
17. Deploying SSL Server Certificates
Planning for Your SSL Server
Creating SSL Servers with FreeBSD
Installing an SSL Certificate on Microsoft IIS
Obtaining a Certificate from a Commercial CA
When Things Go Wrong
18. Securing Your Web Service
Protecting Via Redundancy
Protecting Your DNS
Protecting Your Domain Registration
19. Computer Crime
Your Legal Options After a Break-In
Criminal Hazards
Criminal Subject Matter
Part IV. Security for Content Providers
20. Controlling Access to Your Web Content
Access Control Strategies
Controlling Access with Apache
Controlling Access with Microsoft IIS
21. Client-Side Digital Certificates
Client Certificates
A Tour of the VeriSign Digital ID Center
22. Code Signing and Microsoft's Authenticode
Why Code Signing?
Microsoft's Authenticode Technology
Obtaining a Software Publishing Certificate
Other Code Signing Methods
23. Pornography, Filtering Software, and Censorship
Pornography Filtering
PICS
RSACi
Conclusion
24. Privacy Policies, Legislation, and P3P
Policies That Protect Privacy and Privacy Policies
Children's Online Privacy Protection Act
P3P
Conclusion
25. Digital Payments
Charga-Plates, Diners Club, and Credit Cards
Internet-Based Payment Systems
How to Evaluate a Credit Card Payment System
26. Intellectual Property and Actionable Content
Copyright
Patents
Trademarks
Actionable Content
Part V. Appendixes
A. Lessons from Vineyard.NET
B. The SSL/TLS Protocol
C. P3P: The Platform for Privacy Preferences Project
D. The PICS Specification
E. References
Index