Re: Book on web security

osiris@pacificnet.net ("osiris@pacificnet.net")
Mon, 14 Jul 1997 13:19:20 -0700

That's probably a very, very good book. (Judging by the authors.) About
2 weeks ago, I posted a 10 page+ bibliography of similar sources. I will
be sure to add it to the list. In the meantime, here's another new
release. Unfortunately, Macmillan (SAMS) doesn't have a TOC on-line.
However, if you happen to be in a bookstore, check out the TOC and the
Appendices. It is:

Maximum Security: A Hacker's Guide to Securing Your Internet Site and
Network.
SAMS.net (Sams Publishing) ISBN: 1575212684 (49.95 U.S.) Author:
Anonymous

Don't be fooled by the rather nefarious title. It's quite a piece of
work. Meanwhile, if anyone is currently writing, has just written or has
just read a new release that I missed in the bibiliography posting (you
can find it on BoS), please mail me with the title(s). In about a month,
my partner and I will be offering a completely free site that indexes
(we hope) all known tools, papers, holes and alerts available on the
Internet. It will be a typical search-engine driven site, with
provisions for visitors to add their own works, either as links or
on-site. Moreover, it will contain an (obviously, ever-growing)
extensive list of vendors, what they do and where they are located. This
will make it easier for companies to find qualified security
professionals (particularly those engaged in creating, servicing or
reselling firewall technologies.) Since we will be doing this by hand
(and at cost to no one but ourselves), the site will not be particularly
pretty. (Don't look for layers, heavy graphics or scrolling, jumping
items.) However, it will be incredibly extensive. So, extensive, in
fact, that it will be nothing like you have ever seen. The site will
stay free, as well. If anyone has ideas about how such a site should (or
shouldn't) be designed, mail me. Otherwise, look for an announcement in
about a month.

O.

Avi Rubin wrote:
>
> In light of the recent discussion of CGI security, I want to mention that
> there is a chapter that addresses these issues in a new book that just
> became available. Here is the info.
>
> Title: The Web Security Sourcebook
> Publisher: John Wiley & Sons, Inc.
> Authors: Avi Rubin, Dan Geer, and Marcus Ranum
> with a foreword by Steve Bellovin
>
> Then book covers all aspects of web security. More information including
> a table of contents and chapter descriptions can be found at
> http://www.clark.net/pub/mjr/websec/ One chapter focuses on bugs in
> browsers and other software as security risks. I believe the readers of
> this list should find it interesting.
>
> You can order directly from:
> https://www.wiley.com/compbooks/catalog/18148-X.htm
> http://www.amazon.com/exec/obidos/ISBN=047118148X
>
> *********************************************************************
> Aviel D. Rubin rubin@research.att.com
> Secure Systems Research Dept. Adjunct Professor at NYU
> AT&T Labs - Research
> 180 Park Avenue http://www.research.att.com/~rubin/
> Florham Park, NJ 07932-0971 Voice: +1 973 360-8356
> USA FAX: +1 973 360-8809
>
> --> Check out http://www.clark.net/pub/mjr/websec/ for a new
> book on web security (The Web Security Sourcebook).
> *********************************************************************