Web Security and Beyond: Protecting your Electronic Commerce Application
Course-Related Material
Syllabus
Characteristics of Electronic Commerce
Unique Security Requirements
Responsibility to the customer
Legislated Security Requirements
Characteristics of the Web
The Web’s Effect on Security
A Common Interface to Multiple Systems
Attacks and their Countermeasures
Kinds of Attacks
Likely points of attack
Countermeasures
Security Policy
Network Attacks
Network Attack Countermeasures
Encrypted Connections
Secure Sockets Layer (and TLS)
Secure HTTP
IP Security
Impersonation Attacks
Impersonation Countermeasures
Cryptographic Authentication Services
Certificate-Based Authentication
Secure Sockets Layer (and TLS)
Kerberos Authentication
Kerberos Protocol
Kerberos Web Integration
Commerce without authentication
Secure Electronic Transactions (SET)
Server Attacks
Server Security Countermeasures
Compartmentalization
Firewalls
Host Security
Recovery
Attacks on the Client System
Attacking the Client
Protecting the Client
Spoofing Legitimate Servers
Denial of Service
Traffic Analysis
User Privacy
Protecting Your Privacy
Intrusion detection and audit
Case Studies
Home Banking Applications
Amazon.Com
On-line Trading
Guidelines for Users
Guidelines for Service Providers
The Future of Electronic Commerce
The Future of Computer Security
Copyright © 1995-1998 Clifford Neuman