Attacks on government Web sites, break-ins at Internet service providers, electronic credit card fraud, invasion of personal privacy by merchants as well as hackers--is this what the World Wide Web is really all about? Web Security & Commerce cuts through the hype and the front page stories. It tells you what the real risks are and explains how you can minimize them. Whether you're a casual (but concerned) Web surfer or a system administrator responsible for the security of a critical Web server, this book will tell you what you need to know. Entertaining as well as illuminating, it looks behind the headlines at the technologies, risks, and benefits of the Web. Whatever browser or server you are using, you and your system will benefit from this book.

Topics include:
- User safety--browser vulnerabilities (with an emphasis on Netscape Navigator and Microsoft Internet Explorer), privacy concerns, issues with Java, JavaScript, ActiveX, and plug-ins.
- Digital certificates--what they are, how they assure identity in a networked environment, how certification authorities and server certificates work, and what code signing is all about.
- Cryptography--an overview of how encryption works on the Internet and how different algorithms and programs are being used today.
- Web server security--detailed technical information about SSL (Secure Socket Layer), TLS (Transport Layer Security), host security, server access methods, and secure CGI/API programming.
- Commerce and society--how digital payments work, what blocking software and censorship technology (e.g., PICS and RSACi) is about, and what civil and criminal issues you need to understand.
Most Helpful Customer Reviews
25 of 25 found the following review helpful:
Definitive Guide for Internet Security (Feb 07, 2000)
By Travis M. Owens
This book not only explains system security, it goes into technical detail, something that 95% of books always lack. I shouldn't have to say this book is good, it's from O'Reilly. It covers PGP and how it works (not just what it is), SSL, TLS, login security, CGI security (they give actual code examples not ideals), hardware-based security with things like smart cards. There is also a chapter that explains what to do after you have been broken into and explains your legal routes of action also. I also liked the fact that there is a chapter that explains the author's route of action while working at an ISP. This book is a good buy if you need to learn about security and e-commerce and all the options you have relating to security. I've read a lot of books, and it's rare to find a book that explains things and also gives technical details. I know I'm not the only person who is sick of seeing every book being written for people who have never used a computer before and do not give code examples and real world implementation. The only bad thing I have to say about this book is that there isn't a chapter that explains creating your own encryption method for Perl/C/PHP/ASP or the math behind it, but the material they do have does a good job of getting you very near this subject.
7 of 7 found the following review helpful:
A good overview, but aging (Jan 15, 2001)
I spent quite a bit of time going through this book. It's not a bad book. Very comprehensive and thorough, and generally a pretty well balanced point of view. It acknowledges security is a trade off, and looks at many different options. I have 2 main problems with it. Firstly, it's simply getting a little old. While 85% of it is still relevant, I'd like to see a second edition. They spend too much time talking about Netscape 3 problems for my liking. Second is the reason it lost a star. The guys who wrote this obviously know their stuff, but in some ways know it a little too well. The result of this is when they go to explain a subject (public key infrastructure for example) they have a tendency to jump straight into the details, implementation issues, problems, etc, without ever giving you a big picture of it first - or only very briefly if they do. If you understand the basic principles of all security concepts, then this is great, but if like me, you bought this book to learn about fundamentals, I found myself on several occasions doing research on the web to understand the big picture before going back to the book. But for a good overview for people who are at least semi-technical, it's not bad.
8 of 10 found the following review helpful:
Right on the mark! (Apr 14, 2000)
By Geoffrey Brown
Having spent a dozen years in what used to be called EDP security, but not having concentrated in the area recently, I found that the book was perfect. It avoids belaboring what is now obvious to everyone, and succeeds in covering the whole spectrum of web security issues in a single volume. It is hard to write about the history of monetized plastic (credit, debit, and smart cards) without either going into great detail or sounding like there is a great new world dawning, but Garfinkel and Spafford tread that narrow line. Similarly, the nuances of PKI very quickly can dominate anything written about it, and the authors succeed in avoiding this trap. It was interesting to see that the authors basically dealt with Denial of Service attacks a couple of years before the "famous" DOS attacks on Yahoo and E-Trade. In short, reading the book won't make you a web security maven, but it most likely will prompt you to ask the right questions about the subject, and can certainly make you sound like one! Super book!
5 of 6 found the following review helpful:
Valuable to Technical & Non-Technical Readers (Mar 14, 2001)
By Linda Zarate
"IT Ops Consultant"
This book is an ideal introduction to the broad landscape of security methods and technologies for non-technical users. It is also an excellent resource for IT professionals who need to quickly get up-to-speed on web security. My background is mostly "big iron", consisting of 24 years of mainframe and mid-range experience and a little more than a year in distributed computing (UNIX/Linux, network, etc.). In the good old days security consisted of RACF, ACLs, and some common sense rules about physical and logical access controls. Not so today, and until I read this book I had a nagging feeling that there was a large gap in my professional knowledge. Moreover, as a home user who spent a lot of time on the web I would get frustrated by messages issued by my browser about certificates. This book came to my rescue on all counts. The first two sections, The Web Security Landscape and User Safety, were illuminating. If a non-technical user only read these parts of the book he or she would come away with a good understanding of the risks faced on the web, and how to mitigate or eliminate them. The one complaint I have about these two sections is the material is woefully out of date. I subtracted a star from my rating for this reason. The next three sections of the book are a wide survey of security technologies that cover digital certificates, cryptography, and web server security. These provided me with a basic understanding of technologies that I need to know as an IT professional working in distributed environments. When comparing what I needed to know about security in the mainframe world to what I need to know as an IT consultant I could not help thinking, "We're not in Kansas anymore!" The material was clear and easy to understand and built my personal self-confidence.
This part of the book will not make you an expert by any means, but you will come away with a good grasp of the elements of web security and a very basic understanding of how everything works and fits together. Commerce and Society is the title of the book's last section and contains thought-provoking information on topics such as digital payments, censorship technology and such. I especially liked the two chapters that addressed civil and criminal legal issues. Despite the fact that this book is out of date with respect to specific products it is a great introduction to web security. Unlike other O'Reilly books that are deeply technical, this one can be easily understood by home and business users as well as IT professionals. I personally gained a lot from the book and highly recommend it.
5 of 6 found the following review helpful:
Interesting, Informative, Novice to Intermediate (Feb 11, 1999)
I enjoyed this book. I found the writing to be easily understood. This is probably not an "Advanced" user's guide, but is extremely useful for people who want to advance from a novice understanding to a more intermediate one.