Web Security, Privacy and Commerce, 2nd Edition

Web Security, Privacy & Commerce, 2nd Editionby Simson Garfinkel with Gene SpaffordO'Reilly & Associates 2002ISBN: 0596000456 There are two basic reasons why a book comes out in a second edition: either the author needs the cash or the book needs to be updated. When the first edition of Web Security, Privacy & Commerce came out in 1997, it was titled Web Security & Commerce. Not only has the title changed, but Web security, privacy, and commerce have changed radically in the last five years. The nature of the change and the pace at which it occurs is a large part of the difficulty within information security. Imagine a heart surgeon going on an extended vacation in 1997 and coming back in 2002. Although his surgical technique may be a bit rusty, there is no reason to think that he could not start practicing medicine again right away. However, if you were to take a contemporary information security professional from 1997 and place him in the 2002 workplace, he would be horribly outdated. Technologies that did not exist in 1997, or even 2000, are now ubiquitous, and technologies that were considered cutting edge only a few years ago are now archaic. With that, the update to Web Security, Privacy & Commerce is indeed warranted and welcomed. A glance at the table of contents reveals coverage of nearly every core aspect within Web security. The book provides a comprehensive and impartial look at the technologies and approaches that both management and systems administrators can employ to ensure the security of their networks and systems. The author's impartiality is revealed in chapter 15, which describes several telephone scanner utilities; Garfinkel is the creator of one of the utilities, but makes sure to list the competition (and even has nice things to say about them). Simson Garfinkel and Gene Spafford are veterans in the computer security world. Garfinkel is the author of several highly acclaimed books, and Spafford is a professor of computer science at Purdue University. Their succinct writing style allows them to cover a huge amount of information in a little over 700 pages. The book is divided into four sections: Web technology, privacy and security for users, Web server security, and security for content providers. Part one goes into details about the security foundations of the networks and the Internet. Topics include SSL/TLS, PKI, digital signatures, and biometrics. These seven chapters give the reader a good overview of the essence of information security. Part 2, "Privacy and Security for Users," is quite different from other security books. Whereas other books detail the problems with privacy on the Internet, this book does a good job of showing users various strategies for keeping their personal information private. Garfinkel shows how the real threats to personal privacy are not so much cookies and log files; rather the end-users very own readiness to provide Web and e-commerce sites with their personal info

I work as a computer security analyst for a major consulting firm. Garfinkel's book is head and shoulders above anything else out there.In particular, his handling of the tension between security policy and privacy policy is particularly well written.I highly recommend this book to anyone that wants to develop a detailed understanding of the significant issues that affect doing business on the web.

Having spent a dozen years in what used to be called EDP security, but not having concentrated in the area recently, I found that the book was perfect. It avoids belaboring what is now obvious to everyone, and succeeds in covering the whole spectrum of web security issues in a single volume. It is hard to write about the history of monetized plastic (credit, debit, and smart cards) without either going into great detail or sounding like there is a great new world dawning, but Garfinkel and Spafford tread that narrow line. Similarly, the nuances of PKI very quickly can dominate anything written about it, and the authors succeed in avoiding this trap. It was interesting to see that the authors basically dealt with Denial of Service attacks a couple of years before the "famous" DOS attacks on Yahoo and E-Trade. In short, reading the book won't make you a web security maven, but it most likely will prompt you to ask the right questions about the subject, and can certainly make you sound like one! Super book!

This book looked like to technical first, but after you put your hand on it, you will realize this is one of the best security book in the web world. You could read many (boring!)security book that gave you old definition,bla..bla.bla..but no books could give you what this book will. Web Security & Commerce is just different. It's not very technical, and everybody with IQ above moron will understand this book. Trust me! O'Rielly r00lz!

This book is rare indeed. It presents many topics only briefly covered in other books and gives users an excellent feel for the problems you will encounter in trying to setup and secure a WWW site. Besides the normal stuff, the authors show their innate knowledge of this subject area by including all the ins and outs of downloading information from the web. They also give all you want to know about digital certificates -- how to get them, what they do for you, and how they help to secure your electronic transactions. Besides all these items, the authors include an appendix on the problems Simson had in setting up his own ISP service. This section is also excellent and reveals the kind of knowledge that can only be gained by experience. All in all, a great book. If you are into Web security and Electronic Commerce, this is a good book to buy.