Book Review: "Web Security: A Step-by-Step Reference Guide"

Post by Rob Slad » Thu, 09 Apr 1998 04:00:00
"Web Security: A Step-by-Step Reference Guide", Lincoln D. Stein,
1998, 0-201-62489-9, U$29.95

%C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario  M3C 2T8
%D   1998
%G   0-201-62489-9
%I   Addison-Wesley Publishing Co.

%P   448 p.
%T   "Web Security: A Step-by-Step Reference Guide"

As it happened, this book came off the stack on a night when I wanted
nothing more than to wander off to bed.  Despite my sleep deprivation
I managed not only to finish the book, but even to enjoy it.  Any
technical book with security in the title that can hold interest like
that has to have something going for it.

The book covers all aspects of Web security, as laid out in chapter
one: the client or browser concern for privacy and safety of active
content, the Web server concern for availability of service and
prevention of intrusion, and the concern that both share for
confidentiality and fraud.  Chapter two provides a brief but accurate
overview of cryptography as the backbone of secure systems operating
over unsecured channels.  (There is only one oddity that I noted, when
512 bit RSA public key encryption was compared in strength with 40 bit
RC2 and RC4 systems.)  More of the basics like Secure Sockets Layer
(SSL) and Secure Electronic Transactions (SET) are described in
chapter three, along with various forms of digital cash.

Part two looks at client-side security, with further discussions of
the use of SSL in chapter four.  Chapter five details active content,
with particular attention to ActiveX and Java.  "Web Privacy," in
chapter six, is an excellent and practical guide to the realities and
myths about information that can be gleaned from your browsing
activities.  Included are practical tips about keeping your system
from finking on you.  (Windows users should note that the files
referred to are not always in the paths specified, due to the variety
of ways that Windows programs can be installed.)

The bulk of the book, as might be expected, deals with server-side
security, this being the slightly more complex side of the issue.
Chapter seven provides an overview of the various vulnerabilities and
loopholes to watch and plug.  UNIX and Windows NT servers are dealt
with in chapters eight and nine respectively.  These chapters don't
assume much familiarity with the system security functions of the
systems, but do stick primarily to the server specific topics.  Access
control is a major part of any security setup, and is covered in
chapter ten.  Encryption and certificates are revisited in chapter
eleven, concentrating on use in access control.  CGI (Common Gateway
Interface) scripting has been a major source of Web security risks,
and chapter twelve points out safe, and unsafe, practices in
programming scripts.  Chapter thirteen discusses remote authoring and
administration.  Firewalls are often seen as the be-all and end-all of
Internet security, and Stein covers the reality in chapter fourteen.

Each chapter contains references to both online and printed sources of
information, and these resources are all of high quality and useful.

As noted, the book is not only readable, but even enjoyable.  The
writing is clear and accurate, giving the reader both concepts and
practical tasks in minimum time with maximum comprehension.  Although
the bulk of the book is for Webmasters, the casual user can not only
read it but get a great deal of value from it.  Any ISP that does not
have it on their customer support bookshelf should be held criminally

copyright Robert M. Slade, 1998   BKWEBSEC.RVW   980201

Book Review: "SGML on the Web: Small Steps Beyond HTML"

"SGML on the Web Small Steps Beyond HTML", Yuri Rubinsky/Murray Maloney, 1997,
0-13-519984-0, U$44.95/C$62.95
%A   Yuri Rubinsky
%A   Murray Maloney
%C   One Lake St., Upper Saddle River, NJ   07458
%D   1997
%G   0-13-519984-0
%I   Prentice Hall

%P   499
%S   Charles F. Goldfarb Series on Open Information Management
%T   "SGML on the Web Small Steps Beyond HTML"

HTML (HyperText Markup Language) is written in SGML (Standard
Generalized Markup Language).  SGML's most successful, or certainly
most widely known, application is HTML.  This book starts by using a
simplified version of HTML as an example of the construction of an
SGML DTD (Document Type Definition).  Having established the basics,
the book goes on to show how SGML can be used to define extensions to
HTML, or simply create more advanced types of documents.

For those who already know HTML, this provides a very clear introduction to
advanced document handling.  (And these days, who doesn't know HTML?)

copyright Robert M. Slade, 1997   BKSWSSBH.RVW   970226
