When it comes down to it, the process of protecting your e-commerce site from malicious hackers isn't too different from that of setting up defenses around any other kind of Internet site. The only characteristic that distinguishes an e-commerce site from other kinds of sites is its ability to take payment information from customers, which means there's one more way to attack the site. The scores of techniques that can bring down ordinary sites apply to e-commerce sites as well. This is why Hack Proofing Your E-Commerce Site doesn't so much distinguish itself from the collection of "defending against hackers" books already out there, as supplement those books' content with additional material that's specific to e-commerce. This book treats site defense generally, with extra material on encrypted services and payment-protection schemes.
The sections specifically about buying and selling on the Internet--they make up about a third of this book--appear to have been well researched, and go beyond the merely technical to comment on the legal aspects of attacking digital money transactions. You'll probably learn a lot from the authors' discussions of laws designed to protect the consumer from fraud on the Internet and the amount of trouble they can cause e-commerce businesses. Those sections, since they cover material that's not well explained elsewhere, carry this book on their own. --David Wall
Topics covered: General issues of Internet site defense--including modes of attack (with emphasis on distributed denial of service), secure design principles, security policies, and incident response--supplemented by issues specific to electronic commerce. E-commerce subjects include legal matters, the Secure Electronic Transactions (SET) protocol, and relations with credit-card issuers.
Security in the virtual world of the Internet is even more confusing than in the real world. Vendors and free products abound, but according to experts, the Internet world is becoming more dangerous every day. How can that be? How can all these solutions from so many directions not solve even basic problems? The answer is not simple because the problems are so complex. Security is difficult to create and maintain. Security is messy.
1. Stop hackers by thinking like one. Master the steps to hack your own Web site and anticipate various types of attacks.
2. Protect the privacy of the consumer. Learn the steps to design and implement a great security policy that protects your customers.
3. Understand the basics of secure Web site design. Read about choosing a secure Web server, writing secure code, and programming secure scripts.
4. Implement a secure e-commerce Web site. Master security zones, firewalls, intrusion detection, and system monitoring.
5. Understand Internet-based payment card systems. Now you'll understand commercial payment solutions, virtual POS implementations, e-commerce cryptography, and more!
6. Use disaster recovery planning techniques. Set up secure information backup and restoration and understand your insurance options.
7. Master incident response techniques. Establish an Incident Response Team (IRT), set the prosecution boundaries, and establish an Incident Response Process.
8. Gain confidence with security vendors. Follow the steps to hire a penetration testing team, outsource site design, and manage other vendor-related site implementations.
9. Learn about Distributed Denial of Service (DDoS) Attacks. See why e-commerce sites are prime targets for DDoS and learn what motivates an attacker to damage companies.
10. Register for your 1-year upgrade.
The Syngress Solutions upgrade plan protects you from content obsolescence and provides monthly mailings, whitepapers, and more!