Web Security, Privacy and Commerce

ISBN-10: 0596000456

ISBN-13: 9780596000455

Edition: 2nd 2002



Since the first edition of this classic reference was published, World Wide Web use has exploded and e-commerce has become a daily part of business and personal life. As Web use has grown, so have the threats to our security and privacy--from credit card fraud to routine invasions of privacy by marketers to web site defacements to attacks that shut down popular web sites. Web Security, Privacy & Commerce goes behind the headlines, examines the major security risks facing us today, and explains how we can minimize them. It describes risks for Windows and Unix, Microsoft Internet Explorer and Netscape Navigator, and a wide range of current programs and products. In vast detail, the book covers:

Web technology--The technological underpinnings of the modern Internet and the cryptographic foundations of e-commerce are discussed, along with SSL (the Secure Sockets Layer), the significance of the PKI (Public Key Infrastructure), and digital identification, including passwords, digital signatures, and biometrics.

Web privacy and security for users--Learn the real risks to user privacy, including cookies, log files, identity theft, spam, web logs, and web bugs, and the most common risk, users' own willingness to provide e-commerce sites with personal information. Hostile mobile code in plug-ins, ActiveX controls, Java applets, and JavaScript, Flash, and Shockwave programs is also covered.

Web server security--Administrators and service providers discover how to secure their systems and web services. Topics include CGI, PHP, SSL certificates, law enforcement issues, and more.

Web content security--Zero in on web publishing issues for content providers, including intellectual property, copyright and trademark issues, P3P and privacy policies, digital payments, client-side digital signatures, code signing, pornography filtering and PICS, and other controls on web content.

Nearly double the size of the first edition, this completely updated volume is destined to be the definitive reference on Web security risks and the techniques and technologies you can use to protect your privacy, your organization, your system, and your network.

Book details

List price: $49.99
Edition: 2nd
Copyright year: 2002
Publisher: O'Reilly Media, Incorporated
Publication date: 11/25/2001
Binding: Paperback
Pages: 790
Size: 6.75" wide x 9.00" long x 1.50" tall
Weight: 2.442
Language: English

Gene Spafford, Ph.D., CISSP, is an internationally renowned scientist and educator who has been working in information security, policy, cybercrime, and software engineering for nearly two decades. He is a professor at Purdue University and is the director of CERIAS, the world's premier multidisciplinary academic center for information security and assurance. Professor Spafford and his students have pioneered a number of technologies and concepts well-known in security today, including the COPS and Tripwire tools, two-stage firewalls, and vulnerability databases. Spaf, as he is widely known, has achieved numerous professional honors recognizing his teaching, his research, and his professional service. These include being named a fellow of the AAAS, the ACM, and the IEEE; receiving the National Computer Systems Security Award; receiving the William Hugh Murray Medal of the NCISSE; election to the ISSA Hall of Fame; and receiving the Charles Murphy Award at Purdue. He was named a CISSP, honoris causa in 2000. In addition to over 100 technical reports and articles on his research, Spaf is also the coauthor of Web Security, Privacy, and Commerce, and was the consulting editor for Computer Crime: A Crimefighters Handbook (both from O'Reilly).

Web Technology
The Web Security Landscape
The Web Security Problem
Risk Analysis and Best Practices
The Architecture of the World Wide Web
History and Terminology
A Packet's Tour of the Web
Who Owns the Internet?
Cryptography Basics
Understanding Cryptography
Symmetric Key Algorithms
Public Key Algorithms
Message Digest Functions
Cryptography and the Web
Cryptography and Web Security
Working Cryptographic Systems and Protocols
What Cryptography Can't Do
Legal Restrictions on Cryptography
Understanding SSL and TLS
What Is SSL?
SSL: The User's Point of View
Digital Identification I: Passwords, Biometrics, and Digital Signatures
Physical Identification
Using Public Keys for Identification
Real-World Public Key Examples
Digital Identification II: Digital Certificates, CAs, and PKI
Understanding Digital Certificates with PGP
Certification Authorities: Third-Party Registrars
Public Key Infrastructure
Open Policy Issues
Privacy and Security for Users
The Web's War on Your Privacy
Understanding Privacy
User-Provided Information
Log Files
Understanding Cookies
Web Bugs
Privacy-Protecting Techniques
Choosing a Good Service Provider
Picking a Great Password
Cleaning Up After Yourself
Avoiding Spam and Junk Email
Identity Theft
Privacy-Protecting Technologies
Blocking Ads and Crushing Cookies
Anonymous Browsing
Secure Email
Backups and Antitheft
Using Backups to Protect Your Data
Preventing Theft
Mobile Code I: Plug-Ins, ActiveX, and Visual Basic
When Good Browsers Go Bad
Helper Applications and Plug-ins
Microsoft's ActiveX
The Risks of Downloaded Code
Mobile Code II: Java, JavaScript, Flash, and Shockwave
Flash and Shockwave
Web Server Security
Physical Security for Servers
Planning for the Forgotten Threats
Protecting Computer Hardware
Protecting Your Data
Story: A Failed Site Inspection
Host Security for Servers
Current Host Security Problems
Securing the Host Computer
Minimizing Risk by Minimizing Services
Operating Securely
Secure Remote Access and Content Updating
Firewalls and the Web
Securing Web Applications
A Legacy of Extensibility and Risk
Rules to Code By
Securely Using Fields, Hidden Fields, and Cookies
Rules for Programming Languages
Using PHP Securely
Writing Scripts That Run with Additional Privileges
Connecting to Databases
Deploying SSL Server Certificates
Planning for Your SSL Server
Creating SSL Servers with FreeBSD
Installing an SSL Certificate on Microsoft IIS
Obtaining a Certificate from a Commercial CA
When Things Go Wrong
Securing Your Web Service
Protecting Via Redundancy
Protecting Your DNS
Protecting Your Domain Registration
Computer Crime
Your Legal Options After a Break-In
Criminal Hazards
Criminal Subject Matter
Security for Content Providers
Controlling Access to Your Web Content
Access Control Strategies
Controlling Access with Apache
Controlling Access with Microsoft IIS
Client-Side Digital Certificates
Client Certificates
A Tour of the VeriSign Digital ID Center
Code Signing and Microsoft's Authenticode
Why Code Signing?
Microsoft's Authenticode Technology
Obtaining a Software Publishing Certificate
Other Code Signing Methods
Pornography, Filtering Software, and Censorship
Pornography Filtering
Privacy Policies, Legislation, and P3P
Policies That Protect Privacy and Privacy Policies
Children's Online Privacy Protection Act
Digital Payments
Charga-Plates, Diners Club, and Credit Cards
Internet-Based Payment Systems
How to Evaluate a Credit Card Payment System
Intellectual Property and Actionable Content
Actionable Content
Lessons from Vineyard.NET
The SSL/TLS Protocol
P3P: The Platform for Privacy Preferences Project
The PICS Specification