Security Technologies for the World Wide Web
A book to be published by
Artech House Publishers in the Computer
Security Series
Rolf Oppliger, Ph.D.
eSECURITY Technologies Rolf Oppliger
Breichtenstrasse 18
CH-3074 Muri b. Bern, Switzerland
E-Mail: rolf.oppliger@esecurity.ch
Phone/Fax: +41 079 654 84 37
Some time ago, I was asked whether my two previous books -
Authentication Systems for Secure Networks and
Internet and Intranet Security - could also be
used to educate professional Webmasters in security matters. Unfortunately,
I realized that while the books cover the technologies used to secure
applications for the WWW, they are written in a language
that is somehow inappropriate for professional Webmasters. Note that
these folks are generally familiar with network operating system issues
and communication protocols, but they are neither security experts nor
cryptographic specialists. They may not even be interested in architectural
details and design considerations for cryptographic technologies and
protocols that are not widely deployed.
Having in mind the professional Webmaster who must be educated in security
matters within a relatively short period of time, I decided to write a
book that serves as a corresponding security primer. While writing this
book, I realized that it could also be used by common Web users and
application developers. The resulting book, Security Technologies for
the World Wide Web, overviews and briefly discusses the major topics
that are relevant for Web security. The reader of this book will get a
sufficiently complete overview of the major topics that are relevant for
the WWW and the security thereof.
The book is intended for anyone who is concerned about security on the Web,
is in charge of security for a network, or manages an organization that
uses the WWW. It can be used for lectures, courses, and tutorials.
It can also be used for self-study or serve as a handy reference for
Web professionals.
1. Introduction
2. HTTP User Authentication and Authorization
3. Proxy Servers and Firewalls
4. Cryptographic Techniques
5. Internet Security Protocols
6. The SSL and TLS Protocols
7. Electronic Payment Systems
8. Managing Certificates
9. Executable Content
10. CGI and API Scripts
11. Mobile Code and Agent-based Systems
12. Copyright Protection
13. Privacy Protection and Anonymity Services
14. Censorship on the WWW
15. Conclusions and Outlook
Glossary
Abbreviations and Acronyms
About the Author
Index
The following people have reviewed the book:
- Page 52, Table 3.1: Replace the term "Socket Calls" with "Sockets
Calls" (Reported on February 1, 2001 by Ruedi Rytz)
- Page 64, line 2: Replace the term "radiobox" with "radio button"
(Reported on February 1, 2001 by Ruedi Rytz)
- Page 97, Figure 5.2: Replace the acronym "VPT" with "VTP"
(Reported on February 1, 2001 by Ruedi Rytz)
- Page 98, 2nd paragraph: Remove last sentence saying "Whenever
needed, we use the term POP in this book," (Reported on
February 1, 2001 by Ruedi Rytz)
- Page 100, 4th paragraph: Insert the word "control" between "PPP
compression" and "protocol (CCP) [12], ... " (Reported on
February 1, 2001 by Ruedi Rytz)
- Page 102, 1st sentence: Replace the sentence with "First, the 14
leading characters (case-sensitive) of the password are converted
to Unicode;" (Reported on February 1, 2001 by Ruedi Rytz)
- Page 105, Footnote 13: Footnote should refer to footnote 7 instead
of footnote 8 (Reported on February 1, 2001 by Ruedi Rytz)
- A second edition of the book is available.
- A Chinese translation of the book (ISBN 7-115-09028-9) is available
from the People's Posts & Telecommunications Publishing House (PPTPH).
Copyright © 2004 Rolf Oppliger