Security Technologies for the World Wide Web, Second Edition
A book published by
Artech House Publishers in the Computer
Security Series
Rolf Oppliger, Ph.D.
eSECURITY Technologies Rolf Oppliger
Breichtenstrasse 18
CH-3074 Muri b. Bern, Switzerland
E-Mail: rolf.oppliger@esecurity.ch
Phone/Fax: +41 079 654 84 37
This book gives an overview of all major topics that are relevant to the WWW and its
security properties. It can be used for lectures, courses, and tutorials.
It can also be used for self-study or serve as a handy reference for
Web professionals.
The book is intended for anyone who is concerned about security on the Web,
is in charge of security for a network, or manages an organization that
uses the WWW as a platform to provide information.
1. Introduction
2. HTTP Security
3. Proxy Servers and Firewalls
4. Cryptographic Techniques
5. Internet Security Protocols
6. SSL and TLS Protocols
7. Certificate Management and Public Key Infrastructures
8. Authentication and Authorization Infrastructures
9. Electronic Payment Systems
10. Client-side Security
11. Server-side Security
12. Privacy Protection and Anonymity Services
13. Intellectual Property Protection
14. Censorship on the WWW
15. Risk Management
16. Conclusions and Outlook
Abbreviations and Acronyms
About the Author
Index
- Page xx, line 19/20: The correct URL should read as
"http://www.esecurity.ch/Books/wwwsec2e.html" (instead of
"http://WWW.esecurity.ch/Books/WWWsec2e.html"). All requests to the
flawed URL are redirected to the correct one.
- Page 29, 3rd paragraph, line 8 (exemplary HTTP request): The blank should stand
between "...Demo/HTTPBasicAuthentication/" and "HTTP/1.0" (instead of
"...HTTP/" and "1.0"). Consequently, the correct HTTP request should read as
"GET http://www.esecurity.ch/Demo/HTTPBasicAuthentication/ HTTP/1.0".
- Page 37, line 5: "displyed" should be replaced with "displayed" (reported
on July 3, 2003, by Michael Brunschweiler).
- Page 38, line 1: "synatx" should be replaced with "syntax" (reported
on July 1, 2003, by Philip Iezzi).
- Page 42, line 3 from the bottom: The expression "i.e., crypt()" should be
written in normal brackets (instead of square brackets).
- Page 44, lines 1, 3, 5: "AuthCong" should be replaced with "AuthConfig"
(reported on July 1, 2003, by Philip Iezzi).
- Page 46, line 3: ".htpasswd utility" should be replaced with "htpasswd utility"
(reported on July 1, 2003, by Philip Iezzi).
- Page 46, line 5: ".htpasswd utility" should be replaced with "htdigest utility"
(reported on July 1, 2003, by Philip Iezzi).
- Page 98, lines 4/5: D_{k_A} should be replaced with D_{k_A^{-1}} (twice)
and D_A(P) should be replaced with D_A(M) in LaTeX notation (reported on
April 16, 2003, by Christoph Eberle).
- Page 120, Figure 5.1: "VPT" should be replaced with "VTP" (reported on
December 17, 2003, by Holger Grabow).
- Page 164, 3rd paragraph, line 7: "Request" in "CertificateRequest" should be
written similar to "Certificate" (reported on July 1, 2003, by Philip Iezzi).
- Page 164, 3rd paragraph, line 11: "Done" in "ServerHelloDone" should be
written similar to "ServerHello" (reported on July 1, 2003, by Philip Iezzi).
- Page 180, line 21: "ties" should be replaced with "tries" (reported
on July 3, 2003, by Michael Brunschweiler).
- Page 238, 3rd line from the bottom: "prinicpal" should be replaced with "principal"
(reported on July 1, 2003, by Philip Iezzi).
- Page 256, line 12: "storesthe" should be replaced with "stores the" (reported
on July 3, 2003, by Michael Brunschweiler).
- Page 306, line 5: "perl -e unlink '<*>'" should be replaced with "perl -e 'unlink <*>'"
(reported on December 17, 2003, by Holger Grabow).
- Page 311, line 9: "For exampple" should be replaced with "For example"
(reported on December 17, 2003, by Holger Grabow).
- Page 336, line 10: "orgnaizations" should be replaced with "organizations" (reported
on July 1, 2003, by Philip Iezzi).
- Page 340, line 7: "machanism" should be replaced with "mechanism" (reported
on July 3, 2003, by Michael Brunschweiler).
- Page 340, footnote 28: "dynamicaly" should be replaced with "dynamically"
(reported on December 17, 2003, by Holger Grabow).
Copyright © 2003 Rolf Oppliger