Since the first edition of this classic was published, use of the World Wide Web has spread rapidly and electronic commerce has become part of everyday work and life. The growth of the Web has also brought threats to our security and personal privacy: from credit card fraud to merchants' intrusion into personal privacy, and from web site defacement attacks to the complete takedown of some popular sites.

Web Security, Privacy & Commerce (reprint edition) examines the major security problems faced today. Nearly twice the length of the first edition and thoroughly updated, it aims to be the authoritative reference on Web security. Readers can use the techniques and tips in the book to protect their personal privacy, company, systems and networks. Topics include:

· Web technology: cryptography, Secure Sockets Layer (SSL), public key infrastructure (PKI), passwords, digital signatures and biometrics.
· Web privacy and security for users: cookies, log files, spam, web bugs, personal credit information, identity theft, and hostile active code in plug-ins, ActiveX controls, Java applets, JavaScript, Flash and Shockwave programs.
· Web server security for administrators and content providers: CGI, PHP, SSL certificates, P3P and privacy policies, digital payments, client-side digital certificates, code signing, pornography filtering, PICS, intellectual property and legal issues.
Preface

Part I. Web Technology

1. The Web Security Landscape
The Web Security Problem
Risk Analysis and Best Practices

2. The Architecture of the World Wide Web
History and Terminology
A Packet's Tour of the Web
Who Owns the Internet?

3. Cryptography Basics
Understanding Cryptography
Symmetric Key Algorithms
Public Key Algorithms
Message Digest Functions

4. Cryptography and the Web
Cryptography and Web Security
Working Cryptographic Systems and Protocols
What Cryptography Can't Do
Legal Restrictions on Cryptography

5. Understanding SSL and TLS
What Is SSL?
SSL: The User's Point of View

6. Digital Identification I: Passwords, Biometrics, and Digital Signatures
Physical Identification
Using Public Keys for Identification
Real-World Public Key Examples

7. Digital Identification II: Digital Certificates, CAs, and PKI
Understanding Digital Certificates with PGP
Certification Authorities: Third-Party Registrars
Public Key Infrastructure
Open Policy Issues

Part II. Privacy and Security for Users

8. The Web's War on Your Privacy
Understanding Privacy
User-Provided Information
Log Files
Understanding Cookies
Web Bugs
Conclusion

9. Privacy-Protecting Techniques
Choosing a Good Service Provider
Picking a Great Password
Cleaning Up After Yourself
Avoiding Spam and Junk Email
Identity Theft

10. Privacy-Protecting Technologies
Blocking Ads and Crushing Cookies
Anonymous Browsing
Secure Email

11. Backups and Antitheft
Using Backups to Protect Your Data
Preventing Theft

12. Mobile Code I: Plug-Ins, ActiveX, and Visual Basic
When Good Browsers Go Bad
Helper Applications and Plug-ins
Microsoft's ActiveX
The Risks of Downloaded Code
Conclusion

13. Mobile Code II: Java, JavaScript, Flash, and Shockwave
Java
JavaScript
Flash and Shockwave
Conclusion

Part III. Web Server Security

14. Physical Security for Servers
Planning for the Forgotten Threats
Protecting Computer Hardware
Protecting Your Data
Personnel
Story: A Failed Site Inspection

15. Host Security for Servers
Current Host Security Problems
Securing the Host Computer
Minimizing Risk by Minimizing Services
Operating Securely
Secure Remote Access and Content Updating
Firewalls and the Web
Conclusion

16. Securing Web Applications
A Legacy of Extensibility and Risk
Rules to Code By
Securely Using Fields, Hidden Fields, and Cookies
Rules for Programming Languages
Using PHP Securely
Writing Scripts That Run with Additional Privileges
Connecting to Databases
Conclusion

17. Deploying SSL Server Certificates
Planning for Your SSL Server
Creating SSL Servers with FreeBSD
Installing an SSL Certificate on Microsoft IIS
Obtaining a Certificate from a Commercial CA
When Things Go Wrong

18. Securing Your Web Service
Protecting Via Redundancy
Protecting Your DNS
Protecting Your Domain Registration

19. Computer Crime
Your Legal Options After a Break-In
Criminal Hazards
Criminal Subject Matter

Part IV. Security for Content Providers

20. Controlling Access to Your Web Content
Access Control Strategies
Controlling Access with Apache
Controlling Access with Microsoft IIS

21. Client-Side Digital Certificates
Client Certificates
A Tour of the VeriSign Digital ID Center

22. Code Signing and Microsoft's Authenticode
Why Code Signing?
Microsoft's Authenticode Technology
Obtaining a Software Publishing Certificate
Other Code Signing Methods

23. Pornography, Filtering Software, and Censorship
Pornography Filtering
PICS
RSACi
Conclusion

24. Privacy Policies, Legislation, and P3P
Policies That Protect Privacy and Privacy Policies
Children's Online Privacy Protection Act
P3P
Conclusion

25. Digital Payments
Charga-Plates, Diners Club, and Credit Cards
Internet-Based Payment Systems
How to Evaluate a Credit Card Payment System

26. Intellectual Property and Actionable Content
Copyright
Patents
Trademarks
Actionable Content

Part V. Appendixes

A. Lessons from Vineyard.NET
B. The SSL/TLS Protocol
C. P3P: The Platform for Privacy Preferences Project
D. The PICS Specification
E. References

Index