Web Security and Beyond: Protecting your Electronic Commerce Application

3/22/98


Copyright © 1995-1998 Clifford Neuman

Click here to start


Table of Contents

Web Security and Beyond: Protecting your Electronic Commerce Application

Course-Related Material

Syllabus

Characteristics of Electronic Commerce

Unique Security Requirements

Responsibility to the customer

Legislated Security Requirements

Characteristics of the Web

The Web’s Effect on Security

The Web’s Effect on Security

A Common Interface to Multiple Systems

Attacks and their Countermeasures

Kinds of Attacks

Likely points of attack

Countermeasures

Security Policy

Network Attacks

Network Attack Countermeasures

Encrypted Connections

Secure Sockets Layer (and TLS)

Secure HTTP

IP Security

Impersonation Attacks

Impersonation Countermeasures

Cryptographic Authentication Services

Certificate-Based Authentication

Secure Sockets Layer (and TLS)

Kerberos Authentication

Kerberos Protocol

Kerberos Web Integration

Commerce without authentication

Secure Electronic Transactions (SET)

Server Attacks

Server Security Countermeasures

Compartmentalization

Firewalls

Host Security

Recovery

Attacks on the Client System

Attacking the Client

Attacking the Client

Protecting the Client

Spoofing Legitimate Servers

Denial of Service

Traffic Analysis

User Privacy

Protecting Your Privacy

Intrusion detection and audit

Case Studies

Home Banking Applications

Amazon.Com

On-line Trading

Guidelines for Users

Guidelines for Users

Guidelines for Service Providers

Guidelines for Service Providers

The Future of Electronic Commerce

The Future of Electronic Commerce

The Future of Computer Security

The Future of Computer Security

Author: Clifford Neuman

Email: bcn@isi.edu

Home Page: http://clifford.neuman.name

Recommended Reading: click here

Hardcopy Notes: click here

Other material: click here