"Web Security, Privacy & Commerce" cuts through the hype and the front page stories. It tells readers what the real risks are and explains how to minimize them. Whether a casual (but concerned) Web surfer or a system administrator responsible for the security of a critical Web server, this book will tells users what they need to know.

Provides information on designing effective security mechanisms for e-commerce sites, covering such topics as cryptography, authentication, information classification, threats and attacks, and certification.

Covers security basics and guides reader through the process of testing a Web site. Explains how to analyze results and design specialized follow-up tests that focus on potential security gaps. Teaches the process of discovery, scanning, analyzing, verifying results of specialized tests, and fixing vulnerabilities.

"The authors . . . bring wide-ranging experience to this work, moving from theory to hands-on, bit-shoveling practical advice." -Steven M. Bellovin A serious security sourcebook for Web professionals and users. The front door is unlocked and wide open. The alarm's not working and no one's home. All of your valuables, money, and intimate details of your life are just sitting inside, waiting to be taken. No, it's not your house . . . it's your computer. The Web now penetrates every aspect of our lives, from the home PC to the business office. But with each advance in convenience comes a geometric increase in vulnerability to the integrity of data and software as well as to the confidentiality of information. Although the flaws inherent in the Web are real, solutions are available. Let Aviel Rubin, Daniel Geer, and Marcus Ranum give you the answers. Here's a book that's valuable today and indispensable for the future. It includes basic and advanced techniques for client-side and server-side security, browser security, writing secure CGI scripts, firewalls, and secure e-commerce. There's a special appendix that demystifies the complex world of cryptography. And the book comes with access to a dedicated Web site containing up-to-the-minute information on the latest security threats and solutions. So whether you're a Webmaster trying to close the door on sites and applications, or an everyday user hoping to keep your desktop safe, this is your essential source on: * Protecting and securing Web pages, search engines, servers, and browsers * Writing impregnable applets and scripts, and avoiding the dangers inherent in every language * Using (and abusing) firewalls and cryptographic controls * Securing commerce and payment transactions

Welcome to the second volume of the Kluwer International Series on ADVANCES IN INFORMATION SECURITY. The goals of this series are, one, to establish the state of the art of and set the course for future research in information security and, two, to serve as a central reference and timely topics in information security research source for advanced and development. The scope of this series includes all aspects of com puter and network security and related areas such as fault tolerance and software assurance. ADVANCES IN INFORMATION SECURITY aims to publish thor ough and cohesive overviews of specific topics in information security, as well as works that are larger in scope or that contain more detailed background information than can be accommodated in shorter survey articles. The series also serves as a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook treat ment. The success of this series depends on contributions by researchers and developers such as yourself. If you have an idea for a book that is appro priate for this series, I encourage you to contact either the Acquisitions Editor for the series, Lance Wobus ([email protected]), or myself, the Consulting Editor for the series ([email protected]). We would be happy about to discuss any potential projects with you. Additional information this series can be obtained from www.wkap.nljseries.htmjADIS.

"This is a very important book . . . mandatory reading for anyone thinking about getting into e-commerce."-Peter G. Neumann Moderator of the Risks Forum and author of Computer Related Risks The World Wide Web is changing the way the world engages in business. With this paradigm shift comes uncertainty about how secure e-commerce transactions are over an inherently insecure medium-the Internet. Businesses have learned the hard way that there is no "silver bullet" solution-not encryption, not firewalls, not even secure protocols. Like a chain, the security of e-commerce is only as strong as its weakest link. Written by security expert Anup K. Ghosh, E-Commerce Security highlights the weak links and provides best defenses for individuals and enterprises connected to the Internet. This valuable guide addresses vulnerabilities in four essential components of electronic commerce-the data transport protocol, Web server, Web clients, and the network server operating system. E-Commerce Security: * Exposes the dangers of new Internet innovations in today's Web browsers, including push technology and desktop integration with the Internet * Methodically explains the dangers of active content programs downloaded from Web sites, such as Java applets, ActiveX controls, and JavaScript * Provides a comparison of different secure protocols for e-commerce, including digital cash protocols used in smart cards * Presents security considerations for Web servers, online databases, and server-side application software * Details shortcomings in firewall technology and other host security measures. Visit our website at www.wiley.com/compbooks/ Visit this book's companion website at www.rstcorp.com/EC-security.html.

The continued growth of e-commerce mandates the emergence of new technical standards and methods that will securely integrate online activities with pre-existing infrastructures, laws and processes. Protocols for Secure Electronic Commerce, Second Edition addresses the security portion of this challenge. It is a full compendium of the protocols for securing online commerce and payments, serving as an invaluable resource for students and professionals in the fields of computer science and engineering, IT security, and financial and banking technology. The initial sections provide a broad overview of electronic commerce, money, payment systems, and business-to-business commerce, followed by an examination of well-known protocols (SSL, TLS, WTLS, and SET). The book also explores encryption algorithms and methods, EDI, micropayment, and multiple aspects of digital money. Like its predecessor, this edition is a general analysis that provides many references to more technical resources. It delivers extensive revisions of previous chapters, along with new chapters on electronic commerce in society, new e-commerce systems, and the security of integrated circuit cards.

Stein presents a practical reference which includes checklists to help evaluate the security level of a Web site. Appendices include complete resource listings of security vendors and tools, firewall solutions and resellers.

Recently, the emergence of wireless and mobile networks has made possible the admission of electronic commerce to a new application and research subject: mobile commerce, defined as the exchange or buying and selling of commodities, services, or information on the Internet through the use of mobile handheld devices. In just a few years, mobile commerce has emerged from nowhere to become the hottest new trend in business transactions. However, the prosperity and popularity of mobile commerce will be brought to a higher level only if information is securely and safely exchanged among end systems (mobile users and content providers). Advances in Security and Payment Methods for Mobile Commerce includes high-quality research papers and industrial and practice articles in the areas of mobile commerce security and payment from academics and industrialists. It covers research and development results of lasting significance in the theory, design, implementation, analysis, and application of mobile commerce security and payment.

Offering developers an inexpensive way to include testing as part of the development cycle, this cookbook features scores of recipes for testing Web applications, from relatively simple solutions to complex ones that combine several solutions.