O’Reilly news

New Edition of O'Reilly's Web Security, Privacy & Commerce Addresses Today's Risks in Using the Web

December 10, 2001

Sebastopol, CA--Although nearly half the population of the United States uses the Internet on a regular basis, most will agree that using the Web is not without its risks. Yet, in spite of the danger lurking on the Web, we hear relatively few reports of incidents of cyber crime. It may be that we have been incredibly lucky, says Simson Garfinkel, author with Gene Spafford of Web Security, Privacy & Commerce (O'Reilly, Second Edition, US $44.95). "Today, most Net-based attackers seem to be satisfied with the publicity that their assaults generate," Garfinkel says. "Although there have been online heists, there are so few that they still make the news. Security is weak, but the vast majority of Internet users still play by the rules." But, Garfinkel explains, it may be that our luck is running out.

Despite the obvious risks in using the Web, our society and economy have passed a point of no return, say Garfinkel and Spafford, so that having a presence on the Web now seems to be a fundamental requirement for businesses, governments, and other organizations. Understanding how to minimize and neutralize the destructive power of security threats has become a high priority for users, administrators, and organizations. The newly revised and dramatically expanded second edition of Web Security, Privacy & Commerce cuts through the sensationalism and examines the real issues and risks inherent in the Web.

"This is a book about how to enhance security, privacy, and commerce on the World Wide Web," says Garfinkel. "We've actually got three books in one. The first is a book for users; the second for service providers, and the third is for content providers, that is, the people who publish information on the Web. There are different issues facing each of these groups.

"For users," Garfinkel continues, "the demise of the dot-com economy means that even more companies are looking for ways to make a buck off Internet users--and frequently, that means trying to find ways to capture and resell personal information. Now more than ever, people need to be concerned about online privacy. For service providers, there has been an increased attention to information security as a result of recent current events. And for content providers, it's clear that issues of content control, copyright, and possibly criminal content are here to stay. This book explains all the key issues."

Web Security, Privacy & Commerce is a definitive reference on web security risks and the techniques and technologies that can be used as protection against these risks. Topics in the new edition include:

  • Web technology: cryptography, the Secure Sockets Layer (SSL), the Public Key Infrastructure (PKI), passwords, digital signatures, and biometrics.

  • Web Privacy and security for users: Cookies, log files, spam, web logs, web bugs, personally-identifiable information, and identity theft, as well as hostile mobile code plug-ins, ActiveX controls, Java applets, and JavaScript, Flash and Shockwave programs.

  • Web server security for administrators and content providers: CGI, PHP, SSL certificates, P3P and privacy policies, digital payments, client-side signatures, code signing, pornography filtering, ICS, intellectual property, and legal issues.

What the critics said about the first edition:

"Garfinkel and Spafford deal head on with key elements of Internet and enterprise security. Web Security and Commerce addresses modern security technologies and applications in a comprehensive fashion, and is an important work in the explosive, fast-moving, and highly visible security field."
--Eric Greenberg, Group Security Product Manager, Netscape Communications Corporation

"This is a truly useful book which can help people avoid a lot of the risks in Webware. It is intelligently written, timely, informative, accurate, comprehensive, understandable, and a great pleasure to read. It is the Web-ster's definitive guide to security."
--Peter G. Neumann, moderator of ACM RISKS Forum and author of Computer-Related Risks

"This book is packed with useful information and solid advice for Web users, Webmasters, and developers. Garfinkel and Spafford skip the usual marketing hype and tell us how and why Web security works--or breaks down--in the real world."
--Dr. Edward Felten, head of Princeton University's Secure Internet Programming Group

"If you have a business, and you want to learn how to protect the security of your Web site, or if you're a Web surfer and want to know more about privacy on the Web, a new book, Web Security & Commerce by Simson Garfinkel with Gene Spafford, is the best I've seen."
--Michael Ketcher, Bull & Bear Financial Report, March 1998

"Garfinkel and Spafford provide a thorough, engrossing, and disconcerting overview of all the relevant security issues...an excellent book all around--generous with technical detail and practical examples, yet accessible and fascinating to read. It's recommended for anyone who's interested in the subject."
--John Frazer Dobson, Computer Shopper, June 1998

Online Resources:

Web Security, Privacy & Commerce
By Simson Garfinkel, with Gene Spafford
Second Edition, November 2001
ISBN 0-596-00045-6, 756 pages, $44.95 (US)

About O’Reilly

O’Reilly, the premier learning platform for technology professionals, offers the industry’s most extensive catalog of high-quality technical and professional skills development courses. From AI, programming, and cloud technologies to essential business skills such as leadership training and critical thinking, O’Reilly delivers highly trusted content from its network of renowned experts that meets a diverse array of learning needs, with over 5,000 role-based on-demand courses, nearly 200 live events each month, access to interactive sandboxes and labs, and more. For more information, visit www.oreilly.com.

Email a link to this press release