Security & Privacy for E-business

Anup K. Ghosh

Publisher: Wiley, 2001, 240 pages

ISBN: 0-471-38421-6

Keywords: IT Security

Last modified: April 20, 2021, 4:18 p.m.

Defend your business from hack attacks with well-engineered e-business systems

Security & Privacy for E-Business

"When it comes to e-commerce security, it's all about the software," asserts e-commerce security expert Anup Ghosh. Using powerful examples and case studies, he provides a remarkably lucid and compelling discussion of how software flaws make your e-business vulnerable to attacks and what you can do to guard against them. Rather than focusing on firewalls and encryption tools, Ghosh presents a proactive engineering approach that tackles the problem at its source — software — and helps ensure the security and reliability of your e-commerce systems. You'll get complete guidance on how to build secure systems from the ground up, learn to balance technical and business requirements while providing privacy for your customers, and discover the inside track on a variety of cutting-edge topics, including:

  • Software risk management and secure e-business systems engineering and testing
  • Denial-of-service attacks, buffer overrun attacks, worms, Web server exploits, and cyber threats to all components of e-business systems
  • Software risks in wireless PDAs, WAP-enabled phones, and e-commerce applications
  • Mobile code and the growing threat of malware (malicious code)
  • Why online privacy — including P3P — is good business

  1. E-Commerce in the Twenty-First Century
    • Three Waves of E-Commerce
      • Screen Scraping
      • Machine-to-Machine Commerce
      • Hyper-Distributed Computing
    • Principal Drivers of E-Commerce
    • The Changing Paradigm of Computing
    • Risks in E-Commerce
  2. Security Is a Software Problem
    • Software in the Stone Age
      • The PC Revolution
      • The Internet Revolution
      • A People Problem
    • Case Studies in Software Security Vulnerabilities
      • The Standard Denial-of-Service Attack
      • The Distributed Denial-of-Service Attack
      • Denial-of-Service Defenses
      • The Buffer Overrun Attack
    • Last Word
    • Notes
  3. Securing Software
    • Design for Security
    • Engineering Secure Business Systems
      • Taking Speculative Risks
      • Software Risk Management
      • Security-Oriented Software Engineering
    • Fair Warning
    • Notes
  4. Weak Links in E-Commerce
    • Breaking E-Commerce Systems
      • Case Study of Breaking an E-Business
    • E-Commerce System Security
      • Who's Protecting the E-Commerce Applications?
      • Components and Vulnerabilities in E-Commerce Systems
    • Looking Ahead
    • Notes
  5. Mobile and Malicious Code
    • Mobile Code
    • Malicious Code
      • The Malware Problem
      • Current Malware Defenses
      • Addressing the Malware Threat
    • The Code-Driven Threat
      • Current Mobile Code Defenses
      • Addressing the Code-Driven Threat
    • Notes
  6. Security Issues in Mobile E-Commerce
    • Business Risks in M-Commerce
    • The Wireless Device
      • Application Software Risks
    • Attacking Wireless Devices via Mobile Code
      • WML Scripts
      • Security Risks of WML Scripts
    • Wireless Network Risks
    • Wireless Content Servers
    • Last Word
    • Notes
  7. Privacy in an Online World
    • The Security-Privacy Relationship
    • Online Privacy Policy
    • What We Know about You
      • Client-Side Privacy Risks: The Mole on Your Desktop
      • Network Privacy Risks
      • Server-Side Privacy Risks
    • Protecting Your Privacy Online
    • Denying the Cookie Monsters
    • Pseudonyms
      • P3P
    • Privacy Is Good Business
    • Notes

Reviews

Security and Privacy for E-business

Reviewed by Roland Buresund

Bad ** (2 out of 10)

Last modified: Nov. 14, 2008, 12:45 p.m.

Pretty boring. Avoid, as it doesn't contain anything remotely interesting.
