Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Security Fundamentals for E-Commerce", Vesna Hassler

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKSCFUEC.RVW 20020108 Security Fundamentals for E-Commerce , Vesna Hassler, 2001, 1-58053-108-3, U$83.00 %A Vesna Hassler hassler@infosys.tuwien.ac.at %C
    Message 1 of 1 , Mar 4, 2002
    • 0 Attachment
      BKSCFUEC.RVW 20020108

      "Security Fundamentals for E-Commerce", Vesna Hassler, 2001,
      1-58053-108-3, U$83.00
      %A Vesna Hassler hassler@...
      %C 685 Canton St., Norwood, MA 02062
      %D 2001
      %G 1-58053-108-3
      %I Artech House/Horizon
      %O U$83.00 800-225-9977 fax: 617-769-6334 artech@...
      %P 409 p.
      %T "Security Fundamentals for E-Commerce"

      "The purpose of this book is to give an in-depth overview of all the
      basic security problems and solutions that can be relevant for an
      e-commerce application." I'm sorry, but "in-depth overview" sounds a
      bit like "jumbo shrimp": it's an oxymoron. And "all the basic
      security problems and solutions that can be relevant for an e-commerce
      application" covers a lot of ground. (Which is, I suppose, why this
      text has twenty two chapters.)

      Part one explains the basics of information security. Chapter one
      defines some of the basic jargon, but misses a number of the important
      fundamental terms. For example, the relationship between threats,
      vulernabilities and exploits is fairly basic to security and risk
      analysis, and yet all security problems seem to be lumped together as
      threats. The examination of security mechanisms, in chapter two, is
      limited to cryptography. Key management is restricted to X.509
      certificates and Diffie-Hellman in chapter three.

      Part two looks specifically at security of electronic payment systems.
      Chapter four briefly lists a wide variety of payment systems. A terse
      set of payment security problems is given in chapter five, while some
      seemingly random cryptographic solutions are given in six. A little
      bit of math for functions directed at electronic cash and cheques is
      presented in chapters seven and eight, respectively. Chapter nine
      describes the Internet Open Trading Protocol.

      Part three deals with communications security. Chapter ten is a
      general look at networking. Chapters eleven to fourteen examine
      different systems for security at different layers, but the depth of
      coverage is very inconsistent: extremely terse in some cases, with
      many gaps, and yet delving into minute detail in others.

      Part four examines Web security. Chapter fifteen details the
      HyperText Transfer Protocol (HTTP), which is good, since few texts
      bother to do. Random topics related to Web servers make up chapter
      sixteen. Web client security topics are dealt with somewhat better in
      chapter seventeen, although cookies aren't given any significant
      discussion. Active content does get its own chapter: eighteen
      concentrates almost exclusively on Java. Chapter nineteen contains
      miscellaneous topics.

      Part five covers some special issues for mobile or agent computing.
      Agent technology is described in chapter twenty, some cellular phone
      topics are reviewed in twenty one, and smart card security is
      discussed in twenty two.

      Well, overview it is. The book does cover a variety of topics,
      although there are a great many gaps and holes. However, "in-depth"
      can't be supported, except in a very few cases. There are some topics
      that are discussed in excruciating detail, but they are definitely in
      the minority. As a college text this undoubtedly has its uses, but
      professionals or businesspeople will find the inconsistent coverage
      problematic.

      copyright Robert M. Slade, 2002 BKSCFUEC.RVW 20020108


      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      I've got a PhD and no one listens. I take off my clothes off,
      and here you all are. - Briony Penn to the media, 20010123
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.