Preface ix
Chapter 1 What Is Web Security? 1 (12)
The Three Parts of Web Security 1 (2)
Risks 3 (7)
The Layout of This Book 10 (3)
PART I Document Confidentiality 13 (48)
Chapter 2 Basic Cryptography 15 (20)
How Cryptography Works 15 (2)
Symmetric Cryptography 17 (3)
Public Key Cryptography 20 (13)
Online Resources 33 (1)
Printed Resources 34 (1)
Chapter 3 SSL, SET, and Digital Payment Systems 35 (26)
Secure Sockets Layer 36 (8)
SET and Other Digital Payment Systems 44 (13)
Checklist 57 (3)
Online Resources 60 (1)
SET and Other Digital Money Systems 60 (1)
PART II Client-Side Security 61 (92)
Chapter 4 Using SSL 63 (26)
SSL at Work 63 (10)
Personal Certificates 73 (13)
Checklist 86 (2)
Online Resources 88 (1)
Printed Resources 88 (1)
Chapter 5 Active Content 89 (36)
Bad by Design or Bad by Accident? 89 (1)
Traditional Threats 90 (2)
Helper Applications and Plug-Ins 92 (3)
Java 95 (5)
ActiveX 100 (6)
JavaScript and VBScript 106 (3)
The Browser as a Security Hole 109 (2)
Exotic Technologies 111 (1)
What You Can Do 112 (3)
Changing Active Content Settings 115 (6)
Checklist 121 (1)
Resources 122 (3)
Chapter 6 Web Privacy 125 (28)
What Web Surfing Reveals 125 (3)
Server Logs 128 (6)
Cookies 134 (4)
PICS 138 (3)
Advice for Users 141 (4)
Advice for Webmasters 145 (2)
Policy Initiatives 147 (2)
Checklist 149 (2)
Resources 151 (2)
PART III Server-Side Security 153 (268)
Chapter 7 Server Security 155 (16)
Why Are Web Sites Vulnerable? 156 (9)
Frequently Asked Questions About Web Server Security 165 (2)
Overview: Steps to Securing a Web Site 167 (2)
Resources 169 (2)
Chapter 8 UNIX Web Servers 171 (36)
Hardening a UNIX Web Server 171 (14)
Configuring the Web Server 185 (7)
Monitoring Logs 192 (8)
Monitor the Integrity of System Files and Binaries 200 (1)
Back Up Your System 201 (1)
Checklist 202 (2)
Online Resources 204 (2)
Printed Resources 206 (1)
Chapter 9 Windows NT Web Servers 207 (38)
NT Security Concepts 207 (4)
Windows NT Security Risks 211 (3)
Securing a Windows NT Web Server 214 (20)
Configuring the Web Server 234 (6)
Checklist 240 (2)
Online Resources 242 (1)
Printed Resources 243 (2)
Chapter 10 Access Control 245 (32)
Types of Access Control 245 (1)
Access Control Based on IP Address or Host Name 246 (9)
Access Control Based on User Name and Password 255 (17)
Other Types of Access Control 272 (1)
Access Control and CGI Scripts 273 (1)
Checklist 274 (1)
Online Resources 275 (2)
Chapter 11 Encryption and Certificate-Based Access Control 277 (36)
SSL-Enabled Web Servers 277 (15)
Using Client Certificates for Access Control 292 (4)
Using Client Certificates for Web Server Access Control 296 (5)
Becoming Your Own Certifying Authority 301 (7)
Final Words 308 (1)
Checklist 308 (3)
Online Resources 311 (1)
Printed Resources 312 (1)
Chapter 12 Safe CGI Scripting 313 (36)
Introduction to CGI Scripts and Server Modules 313 (3)
Common Failure Modes 316 (11)
Other Advice 327 (13)
Safe Scripting in Perl 340 (2)
CGI Wrappers 342 (2)
Checklist 344 (3)
Online Resources 347 (1)
Printed Resources 348 (1)
Chapter 13 Remote Authoring and Administration 349 (38)
Degrees of Trust 349 (1)
Controlling Access to the Web Server Host 350 (4)
Remote Authoring Via FTP 354 (7)
Microsoft FrontPage 361 (13)
The HTTP PUT Protocol 374 (1)
An Upload Staging Area 375 (4)
Administering the Web Server Remotely 379 (3)
Access to the Server for Web Developers 382 (1)
Checklist 383 (1)
Online Resources 384 (2)
Printed Resources 386 (1)
Chapter 14 Web Servers and Firewalls 387 (34)
What Is a Firewall? 387 (4)
Selecting a Firewall System 391 (3)
Configuring a Firewall 394 (17)
Automatic Proxy Configuration for Browsers 411 (5)
Examining Firewall Logs for Signs of Server Compromise 416 (1)
Checklist 417 (2)
Online Resources 419 (1)
Printed Resources 420 (1)
Bibliography 421 (2)
Index 423