Web Commerce Security Design and Development

Book Description

A top-level security guru for both eBay and PayPal and a best-selling information systems security author show how to design and develop secure Web commerce systems.

Whether it's online banking or ordering merchandise using your cell phone, the world of online commerce requires a high degree of security to protect you during transactions. This book not only explores all critical security issues associated with both e-commerce and mobile commerce (m-commerce), it is also a technical manual for how to create a secure system. Covering all the technical bases, this book provides the detail that developers, system architects, and system integrators need to design and implement secure, user-friendly, online commerce systems.

  • Co-authored by Hadi Nahari, one of the world's most renowned experts in Web commerce security; he is currently the Principal Security, Mobile and Devices Architect at eBay, focusing on the architecture and implementation of eBay and PayPal mobile

  • Co-authored by Dr. Ronald Krutz, information system security lecturer and co-author of the best-selling Wiley CISSP Prep Guide Series

  • Shows how to architect and implement user-friendly security for e-commerce and, especially, mobile commerce

  • Covers the fundamentals of designing infrastructures with high availability, large transactional capacity, and scalability

  • Includes topics such as understanding payment technologies, identifying weak security, and augmenting it

Get the essential information you need on Web commerce security—as well as actual design techniques—in this expert guide.

Table of Contents

  1. Cover Page
  2. Title Page
  3. Copyright
  4. Dedication
  5. About the Authors
  6. About the Technical Editor
  7. Credits
  8. Acknowledgments
  9. Contents
  10. Foreword
  11. Foreword
  12. Introduction
    1. How This Book Is Organized
    2. Who Should Read This Book
    3. Summary
  13. Part I: Overview of Commerce
    1. CHAPTER 1: Internet Era: E-Commerce
      1. Evolution of Commerce
      2. Payment
      3. Distributed Computing: Adding E to Commerce
      4. Summary
      5. Notes
    2. CHAPTER 2: Mobile Commerce
      1. Consumer Electronics Devices
      2. Mobile Phone and M-Commerce
      3. Mobile Technologies: Mosquito on Steroids
      4. Summary
      5. Notes
    3. CHAPTER 3: Important “Ilities” in Web Commerce Security
      1. Confidentiality, Integrity, and Availability
      2. Extensibility
      3. Fault Tolerability
      4. Interoperability
      5. Maintainability
      6. Manageability
      7. Modularity
      8. Monitorability
      9. Operability
      10. Portability
      11. Predictability
      12. Reliability
      13. Ubiquity
      14. Usability
      15. Scalability
      16. Accountability
      17. Audit Ability
      18. Traceability
      19. Summary
      20. Notes
  14. Part II: E-Commerce Security
    1. CHAPTER 4: E-Commerce Basics
      1. Why E-Commerce Security Matters
      2. What Makes a System Secure
      3. Risk-Driven Security
      4. Security and Usability
      5. Scalable Security
      6. Securing Your Transactions
      7. Summary
      8. Notes
    2. CHAPTER 5: Building Blocks: Your Tools
      1. Cryptography
      2. Access Control
      3. System Hardening
      4. Summary
      5. Notes
    3. CHAPTER 6: System Components: What You Should Implement
      1. Authentication
      2. Authorization
      3. Non-Repudiation
      4. Privacy
      5. Information Security
      6. Data and Information Classification
      7. System and Data Audit
      8. Defense in Depth
      9. Principle of Least Privilege
      10. Trust
      11. Isolation
      12. Security Policy
      13. Communications Security
      14. Summary
      15. Notes
    4. CHAPTER 7: Trust but Verify: Checking Security
      1. Tools to Verify Security
      2. Summary
      3. Notes
    5. CHAPTER 8: Threats and Attacks: What Your Adversaries Do
      1. Basic Definitions
      2. Common Web Commerce Attacks
      3. Summary
      4. Notes
    6. CHAPTER 9: Certification: Your Assurance
      1. Certification and Accreditation
      2. Standards and Related Guidance
      3. Related Standards Bodies and Organizations
      4. Certification Laboratories
      5. The Systems Security Engineering Capability Maturity Model
      6. Value of Certification
      7. Certification Types
      8. Summary
      9. Notes
    7. APPENDIX A: Computing Fundamentals
      1. Introduction
      2. Hardware
      3. Software
      4. Summary
    8. APPENDIX B: Standardization and Regulatory Bodies
      1. ANSI
      2. COBIT
      3. COSO
      4. CSA
      5. Ecma
      6. ETSI
      7. FIPS
      8. GlobalPlatform
      9. IANA
      10. IEC
      11. IETF
      12. ISO
      13. Kantara
      14. NIST
      15. OASIS
      16. OAuth
      17. OpenID
      18. OpenSAF
      19. PCI
      20. SAF
      21. SOX
      22. The Open Group
      23. W3C
      24. WASC
      25. Notes
    9. APPENDIX C: Glossary of Terms
    10. APPENDIX D: Bibliography
  15. Index