Web Security - A Step by Step Reference Guide / Edition 1by Lincoln D. Stein
Pub. Date: 12/19/1997
Written for Web site administrators, developers, and end users, this book is a readable, real-world guide to securing your Web site with the latest in security technology, techniques, and tools. Lincoln D. Stein, keeper of the official Web Security FAQ, addresses your most pressing concerns and tells you exactly what you need to know to make your site more secure.
Written for Web site administrators, developers, and end users, this book is a readable, real-world guide to securing your Web site with the latest in security technology, techniques, and tools. Lincoln D. Stein, keeper of the official Web Security FAQ, addresses your most pressing concerns and tells you exactly what you need to know to make your site more secure. He offers concise explanations of essential theory; helps you analyze and evaluate the risks that threaten your site and the privacy of your clients; and provides concrete, step-by-step solutions, checklists of do's and don'ts, on-line and off-line resources, and hardware and software tools that guard your site against security breaches.
Web Security approaches the topic from three different points of view--protecting the end user's confidentiality and the integrity of his or her machine, protecting the Web site from intrusion and sabotage, and protecting both from third-party eavesdropping and tampering.
You will learn about
- securing credit card transactions with the SET protocol
- document encryption with the SSL protocol
- how to guard end users against the dangers of active content and cookies
- monitoring and log tools
- controlling access with passwords, client certificates, and advanced login protocols
- remote authoring
In addition, the book offers practical advice on configuring the operating system securely and eliminating unnecessary features that increase vulnerability. CGI scripts introduce many of the security problems that plague the Web, and this book shows how to avoid these breaches with safe CGI-scripting techniques. You will also learn how to avoid denial-of-service attacks and prevent LAN break-ins through the Web server.
After reading this book, you will have the practical knowledge you need to ensure that your Web site, and your clients' interests, are safe from attack.
- Publication date:
- Product dimensions:
- 7.30(w) x 9.10(h) x 1.20(d)
Table of Contents
1. What Is Web Security?
The Three Parts of Web Security.
The Layout of This Book.
I. DOCUMENT CONFIDENTIALITY.
2. Basic Cryptography.
How Cryptography Works.
Public Key Cryptography.
3. SSL, SET, and Digital Payment Systems.
Secure Sockets Layer.
SET and Other Digital Payment Systems.
SET and Other Digital Money Systems.
II. CLIENT-SIDE SECURITY.
4. Using SSL.
SSL at Work.
5. Active Content .
Bad by Design or Bad by Accident? .
Traditional Threats .
Helper Applications and Plug-Ins .
The Browser as a Security Hole.
What Can You Do?
Changing Active Content Settings.
6. Web Privacy.
What Web Surfing Reveals.
Advice for Users.
Advice for Webmasters.
III. SERVER-SIDE SECURITY.
7. Server Security.
Why Are Websites Vulnerable?
Frequently Asked Questions about Web Server Security.
Overview: Steps to Securing a Website.
8. UNIX Web Servers.
Hardening a UNIX Web Server.
Configuring the Web Server.
Monitor the Integrity of System Files and Binaries.
Back Up Your System.
9. Windows NT Web Servers.
NT Security Concepts.
Windows NT Security Risks.
Securing a Windows NT Web Server.
Configuring the Web Server.
10. Access Control.
Types of Access Control.
Access Control Based on IP Address or Host Name.
Access Control Based on User Name and Password.
Other Types of Access Control.
Access Control and CGI Scripts.
11. Encryption and Certificate-Based Access Control.
SSL-Enabled Web Servers.
Using Client Certificates for Access Control.
Using Client Certificates for Web Server Access Control.
Becoming Your Own Certifying Authority.
12. Safe CGI Scripting.
Introduction to CGI Scripts and Server Modules.
Common Failure Modes.
Safe Scripting in Perl.
13. Remote Authoring and Administration.
Degrees of Trust.
Controlling Access to the Web Server Host.
Remote Authoring Via FTP.
The HTTP PUT Protocol.
An Upload Staging Area.
Administering the Web Server Remotely.
Access to the Server for Web Developers.
14. Web Servers and Firewalls.
What Is a Firewall?
Selecting a Firewall System.
Configuring a Firewall.
Automatic Proxy Configuration for Browsers.
Examining Firewall Logs for Signs of Server Compromise.
and post it to your social network
Most Helpful Customer Reviews
See all customer reviews >