Rating: Summary: Web Security: What's to Worry About? Review: Unfortunately, there's a lot to worry about.

If you are an end user, you might think that Web surfing is safe and entirely anonymous. It's not. Active content, such as ActiveX controls and Java applets, introduces the possibility that Web browsing will introduce viruses and other types of malicious software into your system. Even without active content, the very act of browsing leaves an electronic record of your surfing history from which unscrupulous individuals can reconstruct a very accurate profile of your tastes and habits.

If you are a Webmaster, an attack on your site can threaten your job security. Whether motivated by thrills or financial gain, Internet vandals break into Web sites with unnerving regularity. The results can range from the merely embarrassing (when you discover one morning that your site's home page has been replaced by an obscene parody), to the acutely damaging (when you suffer the theft of your entire database of customer information).

If you are the network administrator, a Web server represents yet another way that your local network's security can be compromised. A poorly configured Web server can punch a hole in the most carefully designed firewall system. Conversely, a poorly configured firewall can make a Web site impossible to use. Things are particularly complicated in intranet environments, where the Web server must be configured to recognize and authenticate various groups of users, each with distinct access privileges. Active content also has implications for network administrators, as Web browsers provide a pathway by which malicious software can bypass the firewall system and enter the local area network.

Finally, both end users and Webmasters need to worry about the confidentiality of the data transmitted across the Web. The TCP/IP protocol was not designed with security in mind; hence it is vulnerable to network eavesdropping. When confidential documents are transmitted from the Web server to the browser, or when the end-user sends private information back to the server inside a fill-out form, someone may be listening in.

This book started out life some years ago as the World Wide Web Security FAQ (Frequently Asked Questions -- with answers), a practical on-line list of do's and don'ts for Webmasters. It was an instant hit, and soon grew to cover the topics of end user privacy, safe CGI scripting, cryptography, site access control, operating system security, certificate server management, remote authoring, firewall configuration and an ever-expanding list of security holes in popular Web servers and authoring tools. When the FAQ got too large to easily maintain in on-line form, I transformed it into this book, which still retains the down-to-earth flavor of the original.

Table of Contents:
Preface
1. What Is Web Security?
2. Basic Cryptography
3. SSL, SET, and Digital Payment Systems
4. Using SSL
5. Active Content
6. Web Privacy
7. Server Security
8. UNIX Web Servers
9. Windows NT Web Servers
10. Access Control
11. Encryption and Certificate-Based Access Control
12. Safe CGI Scripting
13. Remote Authoring and Administration
14. Web Servers and Firewalls
Index
Rating: Summary: Every Internet Developer needs it Review: Before reading the book I always thought, what are the ways to secure the confidential info on your web site? This book will give you answers to all the questions. After reading the book I now understand how and why. Every Project Lead plus Project Manager involved in any kind of Web development needs to have this book on their shelves.
Rating: Summary: excellent for starters Review: Explains the basics of Web Security very well. Discusses public keys, SSL, certificates and related issues in plain English; provides meaningful figures/diagrams. Nice book to own and have handy on your bookshelf.
Rating: Summary: This is a good site for students! Review: I am Zhao Ke, and I am studying at the Electric Engineering department of Hunan University of China. I like this site, and I often come to this site to find any good book about computer networks. Every time, I find a good book I want to get. I am very happy at this site. I hope every student comes to this site to find the book they want!
Rating: Summary: An Excellent Primer Review: I've read this book twice now. Once when I first bought it and again a couple weeks ago. My reaction after the second reading was an intense desire to unplug every electronic device in my house - even the microwave - and smash them with a very large hammer. Why, you ask? Because there is no way, I repeat, NO WAY to truly, totally and completely protect yourself from invasions to your privacy in the modern world. It almost makes me sympathize with those radical survivalist-types. Mr. Stein clearly and concisely lays out the hazards of surfing the web, sending and receiving e-mail, and doing a number of other things on the Internet. He gives a lot of the history and background of various technologies (JavaScript, Cookies, etc.), explaining how things got the way they are now, and where they are going in the future. He further gives practical suggestions that anyone can implement to practice "safe surf". Web Security contains content for systems administrators, web designers and lay-people alike. Better yet, these sections are cleanly separated making it easy for technical and non-technical folks to easily get to information that most interests them. Best of all, the entire book is written in English - not techno-babble - so you don't have to have a degree from MIT to understand it. If you have been looking for a good introduction to security issues on the Internet, this book is a must-have!
Rating: Summary: This book is a must-read.... Review: This book is a must-read for web site administrators, developers and end users. Lincoln Stein, keeper of the official Web security FAQ, addresses your most pressing concerns and tells you exactly what you need to know to make your site more secure. The book includes coverage of the latest in security technology, techniques and tools. In addition, the book offers practical advice on configuring the operating system securely and eliminating unnecessary features that increase vulnerability. It will also show you how to avoid denial-of-service attacks and prevent LAN break-ins through the Web server. After reading this book, you will have the practical knowledge you need to ensure that your Web site and your client's interests are safe from attack.
Rating: Summary: Excellent, but dated Review: This is an excellent book on web security. It is dated, but has a ton of good info nonetheless.