Security Technologies for the World Wide Web

A book to be published by Artech House Publishers in the Computer Security Series

[Book Cover]


Rolf Oppliger, Ph.D.
eSECURITY Technologies Rolf Oppliger
Breichtenstrasse 18
CH-3074 Muri b. Bern, Switzerland

Phone/Fax: +41 079 654 84 37

Aims and Scope

Some time ago, I was asked whether my two previous books - Authentication Systems for Secure Networks and Internet and Intranet Security - could also be used to educate professional Webmasters in security matters. Unfortunately, I realized that while the books cover the technologies used to secure applications for the WWW, they are written in a language that is somehow inappropriate for professional Webmasters. Note that these folks are generally familiar with network operating system issues and communication protocols, but they are neither security experts nor cryptographic specialists. They may not even be interested in architectural details and design considerations for cryptographic technologies and protocols that are not widely deployed.

Having in mind the professional Webmaster who must be educated in security matters within a relatively short period of time, I decided to write a book that serves as a corresponding security primer. While writing this book, I realized that it could also be used by common Web users and application developers. The resulting book, Security Technologies for the World Wide Web, overviews and briefly discusses the major topics that are relevant for Web security. The reader of this book will get a sufficiently complete overview of the major topics that are relevant for the WWW and the security thereof.

Target Audience

Tthe book is intended for anyone who is concerned about security on the Web, is in charge of security for a network, or manages an organization that uses the WWW. It can be used for lectures, courses, and tutorials. It can also be used for self-study or serve as a handy reference for Web professionals.

Table of Contents

1. Introduction
2. HTTP User Authentication and Authorization
3. Proxy Servers and Firewalls
4. Cryptographic Techniques
5. Internet Security Protocols
6. The SSL and TLS Protocols
7. Electronic Payment Systems
8. Managing Certificates
9. Executable Content
10. CGI and API Scripts
11. Mobile Code and Agent-based Systems
12. Copyright Protection
13. Privacy Protection and Anonymity Services
14. Censorship on the WWW
15. Conclusions and Outlook

Abbreviations and Acronyms
About the Author


The following people have reviewed the book:

Errata List


Copyright © 2004 Rolf Oppliger