Tìm hiểu làm thế nào để giảm thiểu những rủi ro của các trang web này hướng dẫn toàn diện. Nó bao gồm các lỗ hổng trình duyệt, mối quan tâm riêng tư, các vấn đề với Java, JavaScript, ActiveX, và bổ sung, giấy chứng nhận kỹ thuật số, mật mã, bảo mật máy chủ Web, | Web Security Commerce Simson Garfinkel Eugene H. Spafford First Edition June 1997 ISBN 1-56592-269-7 506 pages Learn how to minimize the risks of the Web with this comprehensive guide. It covers browser vulnerabilities privacy concerns issues with Java JavaScript ActiveX and plugins digital certificates cryptography Web server security blocking software censorship technology and relevant civil and criminal issues. Release Team oR 2001 i 1 ii 2 3 4 5 iii 6 7 8 9 Preface 1 The Web Promises and Threats About This Book Conventions Used in This Book Comments and Questions Acknowledgments In traduction 13 The Web Security Landscape 14 Web Security in a Nutshell The Web Security Problem Credit Cards Encryption and the Web Firewalls Part of the Solution Risk Management User Safety 29 The Buggy Browser Evolution of Risk 30 Browser History Data-Driven Attacks Implementation Flaws A Litany of Bugs Java and JavaScript 38 Java JavaScript Denial-of-Service Attacks JavaScript-Enabled Spoofing Attacks Conclusion Downloading Machine Code with ActiveX and Plug-Ins 56 When Good Browsers Go Bad Netscape Plug-Ins ActiveX and Authenticode The Risks of Downloaded Code Is Authenticode a Solution Improving the Security of Downloaded Code Privacy 69 Log Files Cookies Personally Identifiable Information Anonymizers Unanticipated Disclosure Digital Certificates 77 Digital Identification Techniques 78 Identification Public Key Infrastructure Problems Building a Public Key Infrastructure Ten Policy Questions Certification Authorities and Server Certificates 98 Certificates Today Certification Authority Certificates Server Certificates Conclusion Client-Side Digital Certificates 111 Client Certificates A Tour of the VeriSign Digital ID Center Code Signing and Microsoft s Authenticode 123 Why Code Signing Microsoft s Authenticode Technology Obtaining