Internet and Web Application Security, 3rd Edition
Mike Harwood
World Headquarters
Jones & Bartlett Learning
25 Mall Road
Burlington, MA 01803
978-443-5000
info@jblearning.com
www.jblearning.com
Jones & Bartlett Learning books and products are available through most
bookstores and online booksellers. To contact Jones & Bartlett Learning directly,
call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com.
Substantial discounts on bulk quantities of Jones & Bartlett Learning
publications are available to corporations, professional associations, and other
qualified organizations. For details and specific discount information, contact the
special sales department at Jones & Bartlett Learning via the above contact
information or send an email to specialsales@jblearning.com.
Copyright © 2024 by Jones & Bartlett Learning, LLC, an Ascend Learning
Company
All rights reserved. No part of the material protected by this copyright may be
reproduced or utilized in any form, electronic or mechanical, including
photocopying, recording, or by any information storage and retrieval system,
without written permission from the copyright owner.
The content, statements, views, and opinions herein are the sole expression of the
respective authors and not that of Jones & Bartlett Learning, LLC. Reference
herein to any specific commercial product, process, or service by trade name,
trademark, manufacturer, or otherwise does not constitute or imply its
endorsement or recommendation by Jones & Bartlett Learning, LLC and such
reference shall not be used for advertising or product endorsement purposes. All
trademarks displayed are the trademarks of the parties noted herein. Internet and
Web Application Security, Third Edition is an independent publication and has not
been authorized, sponsored, or otherwise approved by the owners of the
trademarks or service marks referenced in this product.
There may be images in this book that feature models; these models do not
necessarily endorse, represent, or participate in the activities represented in the
images. Any screenshots in this product are for educational and instructive
purposes only. Any individuals and scenarios featured in the case studies
throughout this product may be real or fictitious but are used for instructional
purposes only.
Production Credits
Vice President, Product Management: Marisa R. Urbano
Vice President, Content Strategy and Implementation: Christine Emerton
Director, Content Management: Donna Gridley
Manager, Content Strategy: Carolyn Pershouse
Director, Product Management: Ray Chew
Content Strategist: Melissa Duffy
Content Coordinator: Mark Restuccia
Development Editor: Ginny Munroe
Director, Project Management and Content Services: Karen Scott
Manager, Project Management: Jackie Reynen
Project Manager: Madelene Nieman
Senior Digital Project Specialist: Angela Dooley
Marketing Manager: Mark Adamiak
Content Services Manager: Colleen Lamy
Vice President, Manufacturing and Inventory Control: Therese Connell
Product Fulfillment Manager: Wendy Kilborn
Composition and Project Management: Straive
Cover and Text Design: Briana Yates
Media Development Editor: Faith Brosnan
Rights & Permissions Manager: John Rusk
Rights Specialist: James Fortney
Cover Image (Title Page, Part Opener, Chapter Opener): © Elena
Kichigina/Shutterstock
Printing and Binding: McNaughton & Gunn
Library of Congress Cataloging-in-Publication Data
Names: Harwood, Mike, author. | Price, Ron (Computer programmer), author.
Title: Internet and web application security / Mike Harwood, Ron Price.
Other titles: Security strategies in Web applications and social networking
Description: Third edition. | Burlington, MA : Jones & Bartlett Learning, [2024] |
Revised edition of: Security strategies in Web applications and social networking. |
Includes bibliographical references and index.
Identifiers: LCCN 2022038271 | ISBN 9781284206166 (paperback)
Subjects: LCSH: Online social networks–Security measures. | Application software–
Security measures. | Internet–Security measures. | World Wide Web–Security
measures.
Classification: LCC HM742 .H38 2024 | DDC 302.30285–dc23/eng/20220822
LC record available at https://lccn.loc.gov/2022038271
Printed in the United States of America
Contents
Preface
New to This Edition
Acknowledgments
About the Authors
PART ONE The Internet, the World Wide Web, and the Need for Security
CHAPTER 1 The Internet and the World Wide Web
Data and Information
Data
Information
The Evolution of Computers and Computing
Before There Was an Internet
ARPANET
The Legacy of ARPANET
The Maturing Network
Hypertext
The Early Internet
Gopher, Archie, and Veronica
Groupware
Hardware
The World Wide Web (WWW)
Tim Berners-Lee
The Web
Mosaic
World Wide Web Phases
Web 1.0
Web 2.0
Web 3.0
Web 4.0
Client/Server Computing
Virtualization and Cloud Computing
Virtualization
Cloud Computing
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 1 ASSESSMENT
CHAPTER 2 Security Considerations for SOHO and Personal Systems
What Is Security?
Vulnerabilities, Threats, and Risk
Vulnerabilities
Human Vulnerabilities and Error
Weak Passwords
Insecure Location
System and Application Updates Not Applied
No Backup Plan
Natural Vulnerabilities
Threats
Ownership
Threat Actors
Social Engineering
Antisocial Defense
Identity Theft
Malware and Ransomware
Viruses
Malware
Malware Types
Malware Movement
Ransomware
Risk
Types of Risk
Risk Assessment
Risk Matrix
Protecting Assets
Keeping Private Data Private
Hardening
Exposures
Closures
The Benefits of Hardening
Cookies
Wireless Network Vulnerabilities
Minimize Wireless Risks
Encrypt Data in Transit
Guard the SSID
Threat and Risk Identification
Threat Maps
Current Threat Identification
Broken Access Control
Cryptographic Failures
Injections
Weak Security Design
Misconfiguration
Identification and Authentication Failures
Application Software and Data Integrity Issues
Insufficient Security Logging and Monitoring
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 2 ASSESSMENT
CHAPTER 3 Security Considerations for Business
Business on the Web
Business Modes
Early E-Commerce
Customer-Focused Services
The Evolution of the Web
Website Security
Vulnerabilities
Threats
Ransomware
Online Business Risk
Asset Identification
Data Assets
Managing Risk
Risk Assessments
Qualitative and Quantitative
Qualitative Assessment
Quantitative Assessment
Mitigation Strategies
Securing IP Communications
Secure Access for Remote Employees
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 3 ASSESSMENT
PART TWO Secure Web-Enabled Application Deployment and Social
Networking
CHAPTER 4 Mitigating Risk When Connecting to the Internet
The Threats and Risks on the Internet
Risks and Threats
Hackers and Predators
Malware
Vulnerabilities and Exploits
Personal Attacks
Online Risks and Threats
Website Hosting
External Web Hosting
Internal Web Hosting
Domain Name Server
DNS Names
Common DNS Attacks
Best Practices for Connecting to the Internet
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 4 ASSESSMENT
CHAPTER 5 Mitigating Website Risks, Threats, and Vulnerabilities
Who Is Coming to Your Website?
Whom Do You Want to Come to Your Website?
Accepting User Input on Your Website
Forums
Website Feedback Forms
Online Surveys
The OWASP Top 10 Threats
Broken Access Control
Cryptographic Failures
Injection
Insecure Design
Security Misconfigurations
Vulnerable and Outdated Components
Identification and Authentication Failures
Software and Data Integrity Failures
Security Logging and Monitoring Failures
Server-Side Request Forgery (SSRF)
Additional Web Threats Not in the Top 10
Information Leakage and Improper Error Handling
Unsecure Communications
Failure to Restrict URL Access
Mitigating Web Risks, Threats, and Vulnerabilities
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 5 ASSESSMENT
CHAPTER 6 Web Application Security
Web Applications
Web Application Vulnerabilities
Web Application Security Areas
Web Services
Common Website Attacks
Abuse of Functionality
Brute-Force Attacks
Developing Password Policies
Buffer Overflow
Content Spoofing
Credential/Session Prediction
Cross-Site Scripting
Cross-Site Request Forgery
Denial of Service
Fingerprinting
Format String
HTTP Attacks
Integer Overflows
Injection Attacks
URL Redirector Abuses
OS Commanding
Path Traversal
Predictable Resource Location
Remote File Inclusion (RFI)
Routing Detour
Session Fixation
SOAP Array Abuse
XML Attacks
Common Website Weaknesses
Application Misconfiguration
Directory Indexing
Improper File System Permissions
Improper Input Handling
Improper Output Handling
Information Leakage
Unsecure Indexing
Insufficient Anti-Automation
Insufficient Authentication
Insufficient Authorization
Insufficient Password Recovery
Insufficient Process Validation
Insufficient Session Expiration
Insufficient Transport Layer Protection
Server Misconfiguration
Best Practices for Mitigating Web Attacks
Best Practices for Mitigating Weaknesses
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 6 ASSESSMENT
CHAPTER 7 How Web Applications Work and Building a Secure Foundation
How Web Applications Work
Web Application Function
Web Application Benefits
Web Application Disadvantages
Third-Party Apps Versus Third-Party Web Apps
Third-Party Web Apps
Web App Architecture
Application Programming Interface (API)
Security Regulations, Standards, and Guidelines
Internet Law
Censorship and Control
Internet and Web Laws and Regulations
Specific Information Security Standards
Payment Card Industry Data Security Standard
Types of Information Security
Application Security
Infrastructure Security
Cloud Security
Mitigating Risk in Web Applications
Guidelines and Standards for Securing Web Applications
The PCI DSS
Security Actions to Protect Websites
Protect Your System with Firewalls
Configure Passwords and Settings
Protect Stored PII Data
Encrypt Transmission of Data Across Open, Public Networks
Use and Regularly Update Antivirus Software
Regularly Update and Patch Systems
Restrict Physical Access to Workplace and Data
Implement Logging and Log Management
Conduct Vulnerability Scans and Penetration Tests
Documentation and Risk Assessments
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 7 ASSESSMENT
CHAPTER 8 Developing Secure Websites and Web Applications
Accepting User Input into a Website
Functional Websites
Hypertext Markup Language
Common Gateway Interface Script
JavaScript
SQL Database Back-End
Development Processes
Secure Application Development
Layered Security Strategies for Websites and Web Applications
Concept and Planning
Architecture and Design
Implementation
Testing and Debugging
Release and Maintenance
End of Life
Incorporating Security Requirements Within the SDLC
Systems Analysis Stage
Designing Stage
Implementation Stage
Testing Stage
Acceptance and Deployment Stage
Maintenance
Using Secure and Unsecure Protocols
How Secure Sockets Layer Works
SSL/TLS Encryption and Hash Protocols
Selecting an Appropriate Access Control Solution
Best Practices for Securing Web Applications
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 8 ASSESSMENT
CHAPTER 9 Mitigating Web Application Vulnerabilities
Causes of Web Application Vulnerabilities
Authentication
Input Validation
Session Management
Nonsecure Code in Software Applications
Developing Policies to Mitigate Vulnerabilities
Implementing Secure Coding Best Practices
Incorporating HTML Secure Coding Standards and Techniques
Incorporating JavaScript Secure Coding Standards and Techniques
Incorporating CGI Form and SQL Database Access Secure Coding
Standards and Techniques
Implementing SCM and Revision-Level Tracking
Best Practices for Mitigating Web Application Vulnerabilities
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 9 ASSESSMENT
CHAPTER 10 Performing a Website Vulnerability and Security Assessment
Software Testing Versus Website Vulnerability and Security Assessments
Performing an Initial Discovery on the Targeted Website
Ping Sweep
Nmap
Operating System Fingerprint
Nessus Vulnerability and Port Scan
Performing a Vulnerability and Security Assessment
Web Server OS
Web Server Application
Website Front-End
Website Forms and User Inputs
Incorporate PCI DSS for E-Commerce Websites
Using Planned Attacks to Identify Vulnerabilities
Develop an Attack Plan
Identify Gaps and Holes
Escalate the Privilege Level
Vulnerabilities in Back-End Systems and Structured Query Language
(SQL) Databases
Develop an Attack Plan
Identify Gaps and Holes
Escalate the Privilege Level
Perform an SQL Injection for Data Extraction
Preparing a Vulnerability and Security Assessment Report
Executive Summary
Summary of Findings
Vulnerability Assessment
Security Assessment
Recommendations
Best Practices for Website Vulnerability and Security Assessments
Choose the Right Tools
Test Inside and Out
Think Outside the Box
Research, Research, Research
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 10 ASSESSMENT
CHAPTER 11 Maintaining Compliance for E-Commerce Websites
Compliance Issues for Websites
General Privacy Laws
General Data Protection Regulation (GDPR)
California Privacy Rights Act (CPRA)
Website Legal Requirements
Legal Requirements Compliance
Privacy Policy
Cookie Management Policy
Terms and Conditions
Records of User Consent
Other Laws Affecting Websites and Data Privacy
Operational Compliance
Security Measures
“Lawful Basis”
Data Handling
Payment Processing Compliance
PCI DSS Standard
Revised Payment Services Directive (PSD2)
3D Secure 2.0 (3DS2)
KYB and KYC Verification
Tax Compliance
Other Compliance Elements
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 11 ASSESSMENT
CHAPTER 12 Testing and Quality Assurance for Websites
Development and Production Software Environments
Software Development Methodologies
Software Development Life Cycle
Agile Software Development Methodology
Scrum
Other Agile Development Methodologies
Joint Application Development (JAD)
JAD Team Roles
JAD Sessions and Workshops
DevOps
Website Testing
First Impressions
Functional Testing
Links Testing
Forms Testing
Cookies Testing
HTML/CSS Validation Testing
Security Testing
Mitigating Website Security Flaws
Mobile Devices
Documentation Testing
Releasing a Website to the World
Pre-Launch Tasks
Website Launch
Website Diagnostics
SEO Strategy
Post-Launch
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 12 ASSESSMENT
PART THREE Web Applications and Social Networking Gone Mobile
CHAPTER 13 Securing Mobile Communications
Endpoint Devices
Smartphones
Tablets
Cellular Networks and How They Work
1G Networks
2G Networks
3G Networks
4G Networks
Security 4G Networks
5G Networks
5G Types
5G Signaling
5G Networking
Wireless Endpoint Communication
Voice Communication
Voice Communication Security
Email
Instant Messaging (IM) Chat
SMS/Text Messaging
MMS Messaging
Endpoint Device Risks, Threats, and Vulnerabilities
OWASP Top 10 Mobile Risks
Securing Endpoint Device Communication
Technological Security of Devices
Applications and Systems
Physical Security of Devices
The Internet of Things
IoT Components
IoT Applications
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 13 ASSESSMENT
CHAPTER 14 Securing Personal and Business Communications
Privacy and Security in Communication
Data-in-Transit
Communication Privacy and Security
Privacy Versus Security
Online Privacy and Security
Internet Privacy Issues
Store-and-Forward Communication
Real-Time Communication
Threats to Personal and Business Communications
Mitigating Voicemail Risks
Messaging on Social Networking Sites
Presence and Availability
Instant Messaging Chat
Short Message Service Text Messaging
Multimedia Messaging Service Messaging
Voice over IP Threats
Securing Telephone and Private Branch Exchange Communications
Securing Unified Communications
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 14 ASSESSMENT
CHAPTER 15 Security Training, Education, and Certification
Security and Careers—Database Administration
Database Security
Database Administrator Versus Database Designer
Database Management Tasks
Database Security Training and Certification
Security and Careers—Application Development
Common Programming Tasks
Programming Training and Certification
Security and Careers—Network Management
Common Network Administration Tasks
Network Administration Training and Certification
Reviewing Security Information
Security and Careers—Web Design and Administration
Security for Web Developers
Daily Tasks for Web Developers
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 15 ASSESSMENT
APPENDIX A Answer Key
APPENDIX B Standard Acronyms
APPENDIX C Internet and Web Cybersecurity Certifications
Glossary of Key Terms
References
Index
Preface
Purpose of This Book
This book is part of the Information Systems Security & Assurance
Series from Jones & Bartlett Learning (www.jblearning.com).
Designed for courses and curriculums in IT security, cybersecurity,
information assurance, and information systems security, this series
features a comprehensive, consistent treatment of the most current
thinking and trends in this critical subject area. These titles deliver
fundamental information-security principles packed with real-world
applications and examples. Authored by professionals experienced in
information systems security, they deliver comprehensive information
on all aspects of information security. Reviewed word for word by
leading technical experts in the field, these books are not just
current, but forward-thinking—putting you in the position to solve
the cybersecurity challenges not just of today, but of tomorrow as
well.
Part 1 of this book examines the evolutionary changes that have
occurred in computer technology and personal and business
communications, and social interaction and networking on the
internet and World Wide Web. It also covers relevant security
considerations for small businesses and personal users.
Part 2 reviews the risks, threats, and vulnerabilities associated with
web applications, including the risks, threats, and vulnerabilities
associated with websites, especially those, like social networking,
which allow perpetrators to plant malicious code and malware with
widespread global impact. The best practices to apply security to the
development, deployment, and maintenance of a website and its
applications and services to prevent, mitigate, and avoid these
threats are explored. Common sense and best practices for online
privacy and securing your privacy data are presented, providing you
with countermeasures to protect your privacy and privacy data.
Part 3 presents the next and greatest business challenge—securing
the mobile user. With web applications and social networking now
being accessed remotely and from mobile wireless connected
devices, these devices are at risk. This part of the book explores
mobile communications security, given the rapid use of 4G and 5G
wireless networking for mobile communication. You also learn about
VoIP- and SIP-enabled applications, such as unified communications,
and how they provide real-time communications for both personal
and business use. Finally, web-security organizations, standards
organizations, education, training, and certification organizations are
presented to provide you with additional resources and planning
strategies for a career in secure web application design and
development.
Learning Features
The writing style of this book is practical and conversational. Step-
by-step examples of information security concepts and procedures
are presented throughout the text. Each chapter begins with a
statement of learning objectives. Illustrations are used both to clarify
the material and to vary the presentation. The text is sprinkled with
Notes, Tips, FYIs, Warnings, and sidebars to alert the reader to
additional helpful information related to the subject under
discussion. Chapter Assessments appear at the end of each chapter,
with solutions provided in Appendix A. Chapter summaries are
included in the text to provide a rapid review or preview of the
material and to help students understand the relative importance of
the concepts presented.
New to This Edition
The third edition of this book reflects the changes taking place on
the internet, and in web applications and cloud computing. Most of
these changes are technology driven, but a fair amount of them are
the result of user and developer experience and the knowledge
gained from it. In addition, the applicable security standards and
guidelines that are also emerging, or advancing, are discussed when
relevant to the area to which they apply. In each case, these
changes and their impacts are explored.
This edition maintains the focus on web security but expands on its
inclusion in the design, development, and application to webpages,
applications, and services. The role of the user and his or her
importance to the design and functionality of these web elements
has also been emphasized.
Audience
The material is suitable for undergraduate or graduate computer
science majors or information science majors, or students at a two-
year technical college or community college who have a basic
technical background, or readers who have a basic understanding of
IT security and want to expand their knowledge.
Cloud Labs
This text is accompanied by Cybersecurity Cloud Labs. These hands-
on virtual labs provide immersive mock IT infrastructures where
students can learn and practice foundational cybersecurity skills as
an extension of the lessons in this textbook. For more information or
to purchase the labs, visit go.jblearning.com/Harwood3e.
Acknowledgments
It takes the dedication and hard work of many people to create a
book such as this. The professionals at Ascend Learning and Jones &
Bartlett Learning are fantastic, and their support, guidance, and
wisdom were appreciated throughout this entire project. I especially
wish to thank Melissa Duffy for her guidance and support. I also
wish to thank Virginia “Ginny” Munroe, whose language skills and
technical knowledge vastly improved the understandability of the
message I was attempting to make. – Ron Price
About the Authors
Mike Harwood (MCT, MCSE, A+, Network+, Server+, Linux+) has
more than 15 years of experience working in information technology
and related fields. In that time, he’s held a number of roles within IT,
including network administrator, instructor, technical writer, Web site
designer, consultant, and online marketing strategist. He’s been a
regular on-air technology contributor for CBC Radio and has written
numerous computer books, including the best-selling Network+
Exam Cram for Que Publishing and the A+ Faster Smarter title for
Microsoft. Currently Mike is employed as the new editor and writer
for the yoursecondfifty.com/magazine.
Ron Price’s career has essentially spanned the entire development of
computing, security, and networking, beginning with punched-card
equipment. His experience has included programming, design,
consulting, and management in education, telecommunication, and
public accounting. He holds several IT and security certifications and
has published numerous books under his own name as well as the
pen name of “Ron Gilster.” Ron is now semi-retired in the Ozark
Mountains of Arkansas, continuing to write and teach part time.
PART ONE
The Internet, the World Wide Web, and the Need for Security
CHAPTER 1 The Internet and the World Wide Web
CHAPTER 2 Security Considerations for SOHO and Personal
Systems
CHAPTER 3 Security Considerations for Business
CHAPTER 1
The Internet and the World Wide Web
IN THE WORLD OF COMPUTING AND NETWORKING, game-
changing technologies continue to emerge. Some new technologies
replace existing ones, some make existing technologies better, as in
more efficient, more effective, and perhaps, even more affordable,
and others introduce capabilities not seen before. The cycle of
advancement and improvement is ongoing and is likely to continue
for a long time to come.
This chapter provides a brief look back on the developments and
events in data processing, computing, and networking that have led
to the emergence of the internet and the World Wide Web. We look
at the internet, its origins, technologies, and the myriad ways it has
become a part of our daily lives.
CHAPTER 1 TOPICS
The topics and concepts covered in this chapter include:
Data, data processing, and information
The evolution of computers and computing
Before there was an internet
The early internet
The World Wide Web
Client/server computing
Virtualization and cloud computing
CHAPTER 1 GOALS
When you complete this chapter, you will be able to:
Explain the importance and differences of data and
information
Discuss the history of computers and their uses
Explain why there was a need for the internet
Discuss the early developments of internetworking
Identify the key developments and developers of the web
Explain server, clients, and network virtualization
Identify the service types and delivery modes of cloud
computing
Data and Information
It’s common to hear the terms data and information used
interchangeably as if they are one and the same. They’re technically
not the same. Data and information are different, and they represent
completely separate places in the cycle of what we know as data
processing. However, before we get too much into the processing of
data, let’s take a look at data and what they are.
Data
Whether you pronounce it as “dayta” or “datta,” without data, there
would be no data processing, no internet, no information systems,
and no web. Data are the fuel and the reason for computing,
networking, automation, and all other digital processing. Without
data, computers wouldn’t exist because there’d be no reason for
them to exist. If there was no concept of a “2” as data, then 2 + 2
would have no meaning whatsoever.
Data are a part of life. As we go about our daily lives, we constantly
take in data through our senses: We see data, we hear data, and we
feel data. We see actions, colors, words, images, and more. We hear
sounds, tones, inflections, and more. We feel the temperature of the
air and objects, pain and sensation, texture, and more. In each of
these and other sensual perceptions, we take in data.
Data is actually the plural form of datum. A datum, according to
Merriam-Webster.com, is “something given or admitted especially as
a basis for reasoning or inference” or “something used as a basis for
calculating or measuring.” Data are made up of one or more datums.
In other words, two datums are data. For example, if someone
walks up to you and says “blue,” you will likely envision the color of
the sky, a shirt, a dress, water, or any number of other blue things.
However, the word “blue” by itself has little meaning. It represents
only a color; blue is just blue. The same can be said for the word
“sky.” It is a thing, maybe a place, but it is not specific to any
context. We provide the context according to our own frame of
reference.
If we hear “blue sky,” the two datums take on a context, which gives
them meaning and the capability to answer a question. The fact
that the sky is blue is data, and if the person who brought up “blue”
in the first place asks you, “What color is the sky?” you can reply
with the data at hand: “The sky is blue.” Because it now has context
and meaning, it is now considered information.
Figure 1-1 illustrates the relationship between datum and data and
the relationship of data to information. A datum is a single value,
attribute, characteristic, or identity of something. In the example
above, “blue” is a datum, “sky” is a datum, just like “5” and “10” and
“feet” and “inches” are each a datum. When we store a datum in a
computer’s memory, it may fit into a single byte (which stands for
binary eight, meaning eight bits to store binary values), or it might
require several bytes. The amount of storage space the datum
requires has no effect on what it represents. Storing just one
isolated datum on a computer would be unusual because datums are
typically combined into related (sometimes loosely related) groups.
Each of these groupings is data, and groupings are all considered
data.
FIGURE 1-1 Datum is collected into data, which can be processed into
information.
Information
The primary characteristic of information is that it is the result or
product of data being processed. The purpose of data processing is
to produce information. Information has context relevant to an
inquiry, question, or even a wonder. “What color is the sky?” By
extracting the appropriate data from its storage locations, we are
able to process that data into the response, “The sky is blue.”
Information without context is just data.
“What does 2 + 2 equal?” This question defines the processing that is
to be performed: the addition of 2 and 2 to produce the sum of the two
datums. This simple example illustrates what data processing is all
about. A problem is posed, and an algorithm performs a process on
the data to provide a solution. Another way to think about this is
to think of each datum as input to a process that manipulates the data
to produce information. The purpose and objective of processing data
is to produce information.
The most basic model for processing data into information is known
as the IPO (Input, Process, and Output) model. Figure 1-2
illustrates that an input source is entered into a processing element
that produces information. This simple three-step process represents
data processing and computing at its most basic. Even extremely
complicated computer programs can be broken down into a series of
processes that each perform the input, processing, and output of the
IPO model. Often the input and the outputs come from or go to
another process. If you understand the principle represented by the
IPO model, then computing won’t be all that mysterious to you.
From the largest computer to the smallest, the IPO model explains it
all (well, almost).
FIGURE 1-2 The IPO model.
The Evolution of Computers and Computing
That very powerful smartphone, tablet, or notebook you are toting
around most likely has more computing power than did many of the
early generations of computers. Like most things technological,
computers started out big, and as technology increased their
capabilities, computers and processing devices decreased in size.
Sure, there are still very large computers like supercomputers and
very small computers like a Raspberry Pi, but what once completely
filled a university gymnasium now fits in your shirt or pants pocket
with room to spare.
The evolution of the computer has gone through generations, each
tied to the emergence of an advance in technology. Table 1-1
delineates the five computer generations and what defined each. As
you can see, computer technologies rapidly developed over a
relatively short period. Depending on the scope of the discussion,
the history of the computer can be 20 years, more than 80 years, or
over a much longer time. It depends on your perspective.
TABLE 1-1 The Five Generations of Computers
Just when the history of computing and computers actually began is
debatable. Some say the history of computing began when a brilliant
cave dweller discovered that two fingers or two of anything could
mean something. There is a difference, as illustrated by our cave
person, between computing and computers. Computing is a
processing operation, like the IPO model. On the other hand,
computers are the people, machines, and devices that provide the
processing portion of the IPO model. In fact, the term “computers”
was a job title in the past for people who “computed” accounts into
ledgers.
If we focus on only computers, as we know them today, their history
is relatively short. As shown in Table 1-1, modern computer
historians generally agree that the relevant birth of the computer
and its computing capabilities began roughly around 1940. This
doesn’t mean that we exclude those who contributed to the earlier
development. Not at all. As discussed throughout the following
Internet and Web Application Security 3rd Edition Mike Harwood

World Headquarters
Jones & Bartlett Learning
25 Mall Road
Burlington, MA 01803
978-443-5000
info@jblearning.com
www.jblearning.com

Jones & Bartlett Learning books and products are available through most bookstores and online booksellers. To contact Jones & Bartlett Learning directly, call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com.

Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to specialsales@jblearning.com.

Copyright © 2024 by Jones & Bartlett Learning, LLC, an Ascend Learning Company

All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner.

The content, statements, views, and opinions herein are the sole expression of the respective authors and not that of Jones & Bartlett Learning, LLC. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not constitute or imply its endorsement or recommendation by Jones & Bartlett Learning, LLC and such reference shall not be used for advertising or product endorsement purposes. All trademarks displayed are the trademarks of the parties noted herein. Internet and Web Application Security, Third Edition is an independent publication and has not been authorized, sponsored, or otherwise approved by the owners of the trademarks or service marks referenced in this product.

There may be images in this book that feature models; these models do not necessarily endorse, represent, or participate in the activities represented in the images. Any screenshots in this product are for educational and instructive purposes only. Any individuals and scenarios featured in the case studies throughout this product may be real or fictitious but are used for instructional purposes only.

Production Credits
Vice President, Product Management: Marisa R. Urbano
Vice President, Content Strategy and Implementation: Christine Emerton
Director, Content Management: Donna Gridley
Manager, Content Strategy: Carolyn Pershouse
Director, Product Management: Ray Chew
Content Strategist: Melissa Duffy
Content Coordinator: Mark Restuccia
Development Editor: Ginny Munroe
Director, Project Management and Content Services: Karen Scott
Manager, Project Management: Jackie Reynen
Project Manager: Madelene Nieman
Senior Digital Project Specialist: Angela Dooley
Marketing Manager: Mark Adamiak
Content Services Manager: Colleen Lamy
Vice President, Manufacturing and Inventory Control: Therese Connell
Product Fulfillment Manager: Wendy Kilborn
Composition and Project Management: Straive
Cover and Text Design: Briana Yates
Media Development Editor: Faith Brosnan
Rights & Permissions Manager: John Rusk
Rights Specialist: James Fortney
Cover Image (Title Page, Part Opener, Chapter Opener): © Elena Kichigina/Shutterstock
Printing and Binding: McNaughton & Gunn

Library of Congress Cataloging-in-Publication Data
Names: Harwood, Mike, author. | Price, Ron (Computer programmer), author.
Title: Internet and web application security / Mike Harwood, Ron Price.
Other titles: Security strategies in Web applications and social networking
Description: Third edition. | Burlington, MA : Jones & Bartlett Learning, [2024] | Revised edition of: Security strategies in Web applications and social networking. | Includes bibliographical references and index.
Identifiers: LCCN 2022038271 | ISBN 9781284206166 (paperback)
Subjects: LCSH: Online social networks–Security measures. | Application software–Security measures. | Internet–Security measures. | World Wide Web–Security measures.
Classification: LCC HM742 .H38 2024 | DDC 302.30285–dc23/eng/20220822
LC record available at https://lccn.loc.gov/2022038271

6048
Printed in the United States of America
26 25 24 23 22 10 9 8 7 6 5 4 3 2 1
© Elena Kichigina/Shutterstock

Contents
Preface
New to This Edition
Acknowledgments
About the Authors

PART ONE The Internet, the World Wide Web, and the Need for Security

CHAPTER 1 The Internet and the World Wide Web
Data and Information Data Information The Evolution of Computers and Computing Before There Was an Internet ARPANET The Legacy of ARPANET The Maturing Network Hypertext The Early Internet Gopher, Archie, and Veronica Groupware Hardware The World Wide Web (WWW) Tim Berners-Lee The Web Mosaic World Wide Web Phases Web 1.0 Web 2.0 Web 3.0 Web 4.0 Client/Server Computing Virtualization and Cloud Computing Virtualization Cloud Computing CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 1 ASSESSMENT

CHAPTER 2 Security Considerations for SOHO and Personal Systems
What Is Security? Vulnerabilities, Threats, and Risk Vulnerabilities Human Vulnerabilities and Error Weak Passwords Insecure Location System and Application Updates Not Applied No Backup Plan Natural Vulnerabilities Threats Ownership Threat Actors Social Engineering Antisocial Defense Identity Theft Malware and Ransomware Viruses Malware Malware Types Malware Movement Ransomware Risk Types of Risk Risk Assessment Risk Matrix Protecting Assets Keeping Private Data Private Hardening Exposures Closures The Benefits of Hardening Cookies Wireless Network Vulnerabilities Minimize Wireless Risks Encrypt Data in Transit Guard the SSID Threat and Risk Identification Threat Maps Current Threat Identification Broken Access Control Cryptographic Failures Injections Weak Security Design Misconfiguration Identification and Authentication Failures Application Software and Data Integrity Issues Insufficient Security Logging and Monitoring CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 2 ASSESSMENT

CHAPTER 3 Security Considerations for Business
Business on the Web Business Modes Early E-Commerce Customer-Focused Services The Evolution of the Web Website Security Vulnerabilities Threats Ransomware Online Business Risk Asset Identification Data Assets Managing Risk Risk Assessments Qualitative and Quantitative Qualitative Assessment Quantitative Assessment Mitigation Strategies Securing IP Communications Secure Access for Remote Employees CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 3 ASSESSMENT

PART TWO Secure Web-Enabled Application Deployment and Social Networking

CHAPTER 4 Mitigating Risk When Connecting to the Internet
The Threats and Risks on the Internet Risks and Threats Hackers and Predators Malware Vulnerabilities and Exploits Personal Attacks Online Risks and Threats Website Hosting External Web Hosting Internal Web Hosting Domain Name Server DNS Names Common DNS Attacks Best Practices for Connecting to the Internet CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 4 ASSESSMENT

CHAPTER 5 Mitigating Website Risks, Threats, and Vulnerabilities
Who Is Coming to Your Website? Whom Do You Want to Come to Your Website? Accepting User Input on Your Website Forums Website Feedback Forms Online Surveys The OWASP Top 10 Threats Broken Access Control Cryptographic Failures Injection Insecure Design Security Misconfigurations Vulnerable and Outdated Components Identification and Authentication Failures Software and Data Integrity Failures Security Logging and Monitoring Failures Server-Side Request Forgery (SSRF) Additional Web Threats Not in the Top 10 Information Leakage and Improper Error Handling Unsecure Communications Failure to Restrict URL Access Mitigating Web Risks, Threats, and Vulnerabilities CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 5 ASSESSMENT

CHAPTER 6 Web Application Security
Web Applications Web Application Vulnerabilities Web Application Security Areas Web Services Common Website Attacks Abuse of Functionality Brute-Force Attacks Developing Password Policies Buffer Overflow Content Spoofing Credential/Session Prediction Cross-Site Scripting Cross-Site Request Forgery Denial of Service Fingerprinting Format String HTTP Attacks Integer Overflows Injection Attacks URL Redirector Abuses OS Commanding Path Traversal Predictable Resource Location Remote File Inclusion (RFI) Routing Detour Session Fixation SOAP Array Abuse XML Attacks Common Website Weaknesses Application Misconfiguration Directory Indexing Improper File System Permissions Improper Input Handling Improper Output Handling Information Leakage Unsecure Indexing Insufficient Anti-Automation Insufficient Authentication Insufficient Authorization Insufficient Password Recovery Insufficient Process Validation Insufficient Session Expiration Insufficient Transport Layer Protection Server Misconfiguration Best Practices for Mitigating Web Attacks Best Practices for Mitigating Weaknesses CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 6 ASSESSMENT

CHAPTER 7 How Web Applications Work and Building a Secure Foundation
How Web Applications Work Web Application Function Web Application Benefits Web Application Disadvantages Third-Party Apps Versus Third-Party Web Apps Third-Party Web Apps Web App Architecture Application Programming Interface (API) Security Regulations, Standards, and Guidelines Internet Law Censorship and Control Internet and Web Laws and Regulations Specific Information Security Standards Payment Card Industry Data Security Standard Types of Information Security Application Security Infrastructure Security Cloud Security Mitigating Risk in Web Applications Guidelines and Standards for Securing Web Applications The PCI DSS Security Actions to Protect Websites Protect Your System with Firewalls Configure Passwords and Settings Protect Stored PII Data Encrypt Transmission of Data Across Open, Public Networks Use and Regularly Update Antivirus Software Regularly Update and Patch Systems Restrict Physical Access to Workplace and Data Implement Logging and Log Management Conduct Vulnerability Scans and Penetration Tests Documentation and Risk Assessments CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 7 ASSESSMENT
  • 21.
    CHAPTER 8 DevelopingSecure Websites and Web Applications Accepting User Input into a Website Functional Websites Hypertext Markup Language Common Gateway Interface Script JavaScript SQL Database Back-End Development Processes Secure Application Development Layered Security Strategies for Websites and Web Applications Concept and Planning Architecture and Design Implementation Testing and Debugging Release and Maintenance End of Life Incorporating Security Requirements Within the SDLC Systems Analysis Stage Designing Stage Implementation Stage Testing Stage Acceptance and Deployment Stage Maintenance Using Secure and Unsecure Protocols How Secure Sockets Layer Works SSL/TLS Encryption and Hash Protocols Selecting an Appropriate Access Control Solution Best Practices for Securing Web Applications CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 8 ASSESSMENT CHAPTER 9 Mitigating Web Application Vulnerabilities Causes of Web Application Vulnerabilities Authentication
  • 22.
    Input Validation Session Management NonsecureCode in Software Applications Developing Policies to Mitigate Vulnerabilities Implementing Secure Coding Best Practices Incorporating HTML Secure Coding Standards and Techniques Incorporating JavaScript Secure Coding Standards and Techniques Incorporating CGI Form and SQL Database Access Secure Coding Standards and Techniques Implementing SCM and Revision-Level Tracking Best Practices for Mitigating Web Application Vulnerabilities CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 9 ASSESSMENT CHAPTER 10 Performing a Website Vulnerability and Security Assessment Software Testing Versus Website Vulnerability and Security Assessments Performing an Initial Discovery on the Targeted Website Ping Sweep Nmap Operating System Fingerprint Nessus Vulnerability and Port Scan Performing a Vulnerability and Security Assessment Web Server OS Web Server Application Website Front-End Website Forms and User Inputs Incorporate PCI DSS for E-Commerce Websites Using Planned Attacks to Identify Vulnerabilities Develop an Attack Plan Identify Gaps and Holes Escalate the Privilege Level Vulnerabilities in Back-End Systems and Structured Query Language (SQL) Databases Develop an Attack Plan Identify Gaps and Holes
  • 23.
    Escalate the PrivilegeLevel Perform an SQL Injection for Data Extraction Preparing a Vulnerability and Security Assessment Report Executive Summary Summary of Findings Vulnerability Assessment Security Assessment Recommendations Best Practices for Website Vulnerability and Security Assessments Choose the Right Tools Test Inside and Out Think Outside the Box Research, Research, Research CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 10 ASSESSMENT CHAPTER 11 Maintaining Compliance for E-Commerce Websites Compliance Issues for Websites General Privacy Laws General Data Protection Regulation (GDPR) California Privacy Rights Act (CPRA) Website Legal Requirements Legal Requirements Compliance Privacy Policy Cookie Management Policy Terms and Conditions Records of User Consent Other Laws Affecting Websites and Data Privacy Operational Compliance Security Measures “Lawful Basis” Data Handling Payment Processing Compliance PCI DSS Standard
  • 24.
    Revised Payment ServicesDirective (PSD2) 3D Secure 2.0 (3DS2) KYB and KYC Verification Tax Compliance Other Compliance Elements CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 11 ASSESSMENT CHAPTER 12 Testing and Quality Assurance for Websites Development and Production Software Environments Software Development Methodologies Software Development Life Cycle Agile Software Development Methodology Scrum Other Agile Development Methodologies Joint Application Development (JAD) JAD Team Roles JAD Sessions and Workshops DevOps Website Testing First Impressions Functional Testing Links Testing Forms Testing Cookies Testing HTML/CSS Validation Testing Security Testing Mitigating Website Security Flaws Mobile Devices Documentation Testing Releasing a Website to the World Pre-Launch Tasks Website Launch Website Diagnostics
  • 25.
    SEO Strategy Post-Launch CHAPTER SUMMARY KEYCONCEPTS AND TERMS CHAPTER 12 ASSESSMENT PART THREE Web Applications and Social Networking Gone Mobile CHAPTER 13 Securing Mobile Communications Endpoint Devices Smartphones Tablets Cellular Networks and How They Work 1G Networks 2G Networks 3G Networks 4G Networks Security 4G Networks 5G Networks 5G Types 5G Signaling 5G Networking Wireless Endpoint Communication Voice Communication Voice Communication Security Email Instant Messaging (IM) Chat SMS/Text Messaging MMS Messaging Endpoint Device Risks, Threats, and Vulnerabilities OWASP Top 10 Mobile Risks Securing Endpoint Device Communication Technological Security of Devices Applications and Systems Physical Security of Devices
  • 26.
    The Internet ofThings IoT Components IoT Applications CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 13 ASSESSMENT CHAPTER 14 Securing Personal and Business Communications Privacy and Security in Communication Data-in-Transit Communication Privacy and Security Privacy Versus Security Online Privacy and Security Internet Privacy Issues Store-and-Forward Communication Real-Time Communication Threats to Personal and Business Communications Mitigating Voicemail Risks Messaging on Social Networking Sites Presence and Availability Instant Messaging Chat Short Message Service Text Messaging Multimedia Messaging Service Messaging Voice over IP Threats Securing Telephone and Private Branch Exchange Communications Securing Unified Communications CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 14 ASSESSMENT CHAPTER 15 Security Training, Education, and Certification Security and Careers—Database Administration Database Security Database Administrator Versus Database Designer Database Management Tasks
  • 27.
    Database Security Trainingand Certification Security and Careers—Application Development Common Programming Tasks Programming Training and Certification Security and Careers—Network Management Common Network Administration Tasks Network Administration Training and Certification Reviewing Security Information Security and Careers—Web Design and Administration Security for Web Developers Daily Tasks for Web Developers CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 15 ASSESSMENT APPENDIX A Answer Key APPENDIX B Standard Acronyms APPENDIX C Internet and Web Cybersecurity Certifications Glossary of Key Terms References Index
    © Elena Kichigina/Shutterstock

    Preface

    Purpose of This Book

    This book is part of the Information Systems Security & Assurance Series from Jones & Bartlett Learning (www.jblearning.com). Designed for courses and curriculums in IT security, cybersecurity, information assurance, and information systems security, this series features a comprehensive, consistent treatment of the most current thinking and trends in this critical subject area. These titles deliver fundamental information-security principles packed with real-world applications and examples. Authored by professionals experienced in information systems security, they deliver comprehensive information on all aspects of information security. Reviewed word for word by leading technical experts in the field, these books are not just current, but forward-thinking—putting you in the position to solve the cybersecurity challenges not just of today, but of tomorrow as well.

    Part 1 of this book examines the evolutionary changes that have occurred in computer technology and personal and business communications, and social interaction and networking on the internet and World Wide Web. It also covers relevant security considerations for small businesses and personal users.

    Part 2 reviews the risks, threats, and vulnerabilities associated with web applications, including the risks, threats, and vulnerabilities associated with websites, especially those, like social networking, which allow perpetrators to plant malicious code and malware with widespread global impact. The best practices to apply security to the development, deployment, and maintenance of a website and its applications and services to prevent, mitigate, and avoid these threats are explored. Common sense and best practices for online privacy and securing your privacy data are presented, providing you with countermeasures to protect your privacy and privacy data.

    Part 3 presents the next and greatest business challenge—securing the mobile user. With web applications and social networking now being accessed remotely and from mobile wireless connected devices, these devices are at risk. This part of the book explores mobile communications security, given the rapid use of 4G and 5G wireless networking for mobile communication. You also learn about VoIP- and SIP-enabled applications, such as unified communications, and how they provide real-time communications for both personal and business use. Finally, web-security organizations, standards organizations, education, training, and certification organizations are presented to provide you with additional resources and planning strategies for a career in secure web application design and development.

    Learning Features

    The writing style of this book is practical and conversational. Step-by-step examples of information security concepts and procedures are presented throughout the text. Each chapter begins with a statement of learning objectives. Illustrations are used both to clarify the material and to vary the presentation. The text is sprinkled with Notes, Tips, FYIs, Warnings, and sidebars to alert the reader to additional helpful information related to the subject under discussion. Chapter Assessments appear at the end of each chapter, with solutions provided in Appendix A. Chapter summaries are included in the text to provide a rapid review or preview of the material and to help students understand the relative importance of the concepts presented.

    New to This Edition

    The third edition of this book reflects the changes taking place on the internet, and in web applications and cloud computing. Most of these changes are technology driven, but a fair amount of them are the result of user and developer experience and the knowledge gained from it. In addition, the applicable security standards and guidelines that are also emerging, or advancing, are discussed when relevant to the area to which they apply. In each case, these changes and their impacts are explored. This edition maintains the focus on web security but expands on its inclusion in the design, development, and application to webpages, applications, and services. The role of the user and his or her importance to the design and functionality of these web elements has also been emphasized.

    Audience

    The material is suitable for undergraduate or graduate computer science majors or information science majors, or students at a two-year technical college or community college who have a basic technical background, or readers who have a basic understanding of IT security and want to expand their knowledge.

    Cloud Labs

    This text is accompanied by Cybersecurity Cloud Labs. These hands-on virtual labs provide immersive mock IT infrastructures where students can learn and practice foundational cybersecurity skills as an extension of the lessons in this textbook. For more information or to purchase the labs, visit go.jblearning.com/Harwood3e.

    Acknowledgments

    It takes the dedication and hard work of many people to create a book such as this. The professionals at Ascend Learning and Jones & Bartlett Learning are fantastic, and their support, guidance, and wisdom were appreciated throughout this entire project. I especially wish to thank Melissa Duffy for her guidance and support. I also wish to thank Virginia “Ginny” Munroe, whose language skills and technical knowledge vastly improved the understandability of the message I was attempting to make.

    – Ron Price

    About the Authors

    Mike Harwood (MCT, MCSE, A+, Network+, Server+, Linux+) has more than 15 years’ experience working in information technology and related fields. In that time, he’s held a number of roles within IT, including network administrator, instructor, technical writer, Web site designer, consultant, and online marketing strategist. He’s been a regular on-air technology contributor for CBC Radio and has written numerous computer books, including the best-selling Network+ Exam Cram for Que Publishing and the A+ Faster Smarter title for Microsoft. Currently Mike is employed as the new editor and writer for the yoursecondfifty.com/magazine.

    Ron Price’s career has essentially spanned the entire development of computing, security, and networking, beginning with punched-card equipment. His experience has included programming, design, consulting, and management in education, telecommunication, and public accounting. He holds several IT and security certifications and has published numerous books under his own name as well as the pen name of “Ron Gilster.” Ron is now semi-retired in the Ozark Mountains of Arkansas, continuing to write and teach part time.

    PART ONE The Internet, the World Wide Web, and the Need for Security

    CHAPTER 1 The Internet and the World Wide Web
    CHAPTER 2 Security Considerations for SOHO and Personal Systems
    CHAPTER 3 Security Considerations for Business

    CHAPTER 1 The Internet and the World Wide Web

    IN THE WORLD OF COMPUTING AND NETWORKING, game-changing technologies continue to emerge. Some new technologies replace existing ones, some make existing technologies better, as in more efficient, more effective, and perhaps, even more affordable, and others introduce capabilities not seen before. The cycle of advancement and improvement is ongoing and is likely to continue for a long time to come. This chapter provides a brief look back on the developments and events in data processing, computing, and networking that have led to the emergence of the internet and the World Wide Web. We look at the internet, its origins, technologies, and the myriad ways it has become a part of our daily lives.

    CHAPTER 1 TOPICS

    The topics and concepts covered in this chapter include:
    • Data, data processing, and information
    • The evolution of computers and computing
    • Before there was an internet
    • The early internet
    • The World Wide Web
    • Client/server computing
    • Virtualization and cloud computing

    CHAPTER 1 GOALS

    When you complete this chapter, you will be able to:
    • Explain the importance and differences of data and information
    • Discuss the history of computers and their uses
    • Explain why there was a need for the internet
    • Discuss the early developments of internetworking
    • Identify the key developments and developers of the web
    • Explain server, clients, and network virtualization
    • Identify the service types and delivery modes of cloud computing

    Data and Information

    It’s common to hear the terms data and information used interchangeably as if they are one and the same. They’re technically not the same. Data and information are different, and they represent completely separate places in the cycle of what we know as data processing. However, before we get too much into the processing of data, let’s take a look at data and what they are.

    Data

    Whether you pronounce it as “dayta” or “datta,” without data, there would be no data processing, no internet, no information systems, and no web. Data are the fuel and the reason for computing, networking, automation, and all other digital processing. Without data, computers wouldn’t exist because there’d be no reason for them to exist. If there was no concept of a “2” as data, then 2 + 2 would have no meaning whatsoever.

    Data are a part of life. As we go about our daily lives, we constantly take in data through our senses: We see data, we hear data, and we feel data. We see actions, colors, words, images, and more. We hear sounds, tones, inflections, and more. We feel the temperature of the air and objects, pain and sensation, texture, and more. In each of these and other sensual perceptions, we take in data.

    Data is actually a plural form of datum. A datum, according to Merriam-Webster.com, is “something given or admitted especially as a basis for reasoning or inference” or “something used as a basis for calculating or measuring.” Data are made up of one or more datum. In other words, two “datum” are data. For example, if someone walks up to you and says “blue,” you will likely envision the color of the sky, a shirt, a dress, water, or any number of other blue things. However, the word “blue” by itself has little meaning. It represents only a color; blue is just blue. The same can be said for the word “sky.” It is a thing, maybe a place, but it is not specific to any context. We provide the context according to our own frame of reference. If we hear “blue sky,” the two datums take on a context, which gives it meaning, and has the capability to answer a question. The fact that the sky is blue is data, and if the person who brought up “blue” in the first place asks you, “What color is the sky?” you can reply with the data at hand: “The sky is blue.” Because it now has context and meaning, it is now considered information. Figure 1-1 illustrates the relationship between datum and data and the relationship of data to information.

    A datum is a single value, attribute, characteristic, or identity of something. In the example above, “blue” is datum, “sky” is datum, just like “5” and “10” and “feet” and “inches” are each a datum. When we store a datum in a computer’s memory, it may fit into a single byte (which stands for binary eight, meaning eight bits to store binary values), or it might require several bytes. The amount of storage space the datum requires has no effect on what it represents. Storing just one isolated datum on a computer would be unusual because datums are typically combined into related (sometimes loosely related) groups. Each of these groupings is data, and groupings are all considered data.

    FIGURE 1-1 Datum is collected into data, which can be processed into information.

    Information

    The primary characteristic of information is that it is the result or product of data being processed. The purpose of data processing is to produce information. Information has context relevant to an inquiry, question, or even a wonder. “What color is the sky?” By extracting the appropriate data from its storage locations, we are able to process that data into the response, “The sky is blue.” Information without context is just data.

    “What does 2 + 2 equal?” This question defines processing that is to be performed: the addition of 2 and 2 to produce a sum of the two datum. This simple example illustrates what data processing is all about. A problem is posed, and an algorithm performs a process on the datum to provide a solution. Another way to think about this is to think of datum as input to a process that manipulates the data to produce information. The purpose and objective of processing data is to produce information.

    The most basic model for processing data into information is known as the IPO (Input, Process, and Output) model. Figure 1-2 illustrates that an input source is entered into a processing element that produces information. This simple three-step process represents data processing and computing at its most basic. Even extremely complicated computer programs can be broken down into a series of processes that each perform the input, processing, and output of the IPO model. Often the input and the outputs come from or go to another process. If you understand the principle represented by the IPO model, then computing won’t be all that mysterious to you. From the largest computer to the smallest, the IPO model explains it all (well, almost).

    FIGURE 1-2 The IPO model.

    The Evolution of Computers and Computing

    That very powerful smartphone, tablet, or notebook you are toting around most likely has more computing power than did many of the early generations of computers. Like most things technological, computers started out big and as technology increased their capabilities, computers and processing devices decreased in size. Sure, there are still very large computers like supercomputers and very small computers like a Raspberry Pi, but what once completely filled a university gymnasium now fits in your shirt or pants pocket with room to spare.

    The evolution of the computer has gone through generations, each tied to the emergence of an advance in technology. Table 1-1 delineates the five computer generations and what defined each. As you can see, computer technologies rapidly developed over a relatively short period. Depending on the scope of the discussion, the history of the computer can be 20 years, more than 80 years, or over a much longer time. It depends on your perspective.

    TABLE 1-1 The Five Generations of Computers

    Just when the history of computing and computers actually began is debatable. Some say the history of computing began when a brilliant cave dweller discovered that two fingers or two of anything could mean something. There is a difference, as illustrated by our cave person, between computing and computers. Computing is a processing operation, like the IPO model. On the other hand, computers are the people, machines, and devices that provide the processing portion of the IPO model. In fact, the term “computers” was a job title in the past for people who “computed” accounts into ledgers.

    If we focus on only computers, as we know them today, their history is relatively short. As shown in Table 1-1, modern computer historians generally agree that the relevant birth of the computer and its computing capabilities began roughly around 1940. This doesn’t mean that we exclude those who contributed to the earlier development. Not at all. As discussed throughout the following
  • 50.
    Discovering Diverse ContentThrough Random Scribd Documents
  • 51.
    By William J.Locke CONTENTS THE DEMAGOGUE AND LADY PHAYRE CHAPTER I THE ETERNAL FEMININE CHAPTER II A REVOLUTION CHAPTER III THE END OF AN ACT CHAPTER IV LADY PHAYRE AND THE COMING MAN CHAPTER V LIZZIE CHAPTER VI THE STARS IN THEIR COURSES CHAPTER VII A DEMAGOGUE’S IDYLL CHAPTER VIII WITH THE HELP OF LADY PHAYRE CHAPTER IX SOME PSYCHOLOGICAL MOMENTS CHAPTER X LADY PHAYRE THROWS HER CAP OVER THE WINDMILLS. CHAPTER XI RECONSTRUCTION CHAPTER XII A LEADER OF MEN CHAPTER XIII THE CONCLUSION OF THE WHOLE MATTER IDOLS
  • 52.
    By William J.Locke CONTENTS IDOLS PROEM CHAPTER I CHAPTER II CHAPTER III CHAPTER IV CHAPTER V CHAPTER VI CHAPTER VII CHAPTER VIII CHAPTER IX CHAPTER X CHAPTER XI CHAPTER XII CHAPTER XIII CHAPTER XIV CHAPTER XV CHAPTER XVI CHAPTER XVII CHAPTER XVIII CHAPTER XIX CHAPTER XX CHAPTER XXI CHAPTER XXII CHAPTER XXIII CHAPTER XXIV CHAPTER XXV
  • 53.
    *** END OFTHE PROJECT GUTENBERG EBOOK INDEX OF THE PROJECT GUTENBERG WORKS OF WILLIAM J. LOCKE *** Updated editions will replace the previous one—the old editions will be renamed. Creating the works from print editions not protected by U.S. copyright law means that no one owns a United States copyright in these works, so the Foundation (and you!) can copy and distribute it in the United States without permission and without paying copyright royalties. Special rules, set forth in the General Terms of Use part of this license, apply to copying and distributing Project Gutenberg™ electronic works to protect the PROJECT GUTENBERG™ concept and trademark. Project Gutenberg is a registered trademark, and may not be used if you charge for an eBook, except by following the terms of the trademark license, including paying royalties for use of the Project Gutenberg trademark. If you do not charge anything for copies of this eBook, complying with the trademark license is very easy. You may use this eBook for nearly any purpose such as creation of derivative works, reports, performances and research. Project Gutenberg eBooks may be modified and printed and given away—you may do practically ANYTHING in the United States with eBooks not protected by U.S. copyright law. Redistribution is subject to the trademark license, especially commercial redistribution. START: FULL LICENSE
  • 54.
    THE FULL PROJECTGUTENBERG LICENSE
  • 55.
    PLEASE READ THISBEFORE YOU DISTRIBUTE OR USE THIS WORK To protect the Project Gutenberg™ mission of promoting the free distribution of electronic works, by using or distributing this work (or any other work associated in any way with the phrase “Project Gutenberg”), you agree to comply with all the terms of the Full Project Gutenberg™ License available with this file or online at www.gutenberg.org/license. Section 1. General Terms of Use and Redistributing Project Gutenberg™ electronic works 1.A. By reading or using any part of this Project Gutenberg™ electronic work, you indicate that you have read, understand, agree to and accept all the terms of this license and intellectual property (trademark/copyright) agreement. If you do not agree to abide by all the terms of this agreement, you must cease using and return or destroy all copies of Project Gutenberg™ electronic works in your possession. If you paid a fee for obtaining a copy of or access to a Project Gutenberg™ electronic work and you do not agree to be bound by the terms of this agreement, you may obtain a refund from the person or entity to whom you paid the fee as set forth in paragraph 1.E.8. 1.B. “Project Gutenberg” is a registered trademark. It may only be used on or associated in any way with an electronic work by people who agree to be bound by the terms of this agreement. There are a few things that you can do with most Project Gutenberg™ electronic works even without complying with the full terms of this agreement. See paragraph 1.C below. There are a lot of things you can do with Project Gutenberg™ electronic works if you follow the terms of this agreement and help preserve free future access to Project Gutenberg™ electronic works. See paragraph 1.E below.
  • 56.
    1.C. The ProjectGutenberg Literary Archive Foundation (“the Foundation” or PGLAF), owns a compilation copyright in the collection of Project Gutenberg™ electronic works. Nearly all the individual works in the collection are in the public domain in the United States. If an individual work is unprotected by copyright law in the United States and you are located in the United States, we do not claim a right to prevent you from copying, distributing, performing, displaying or creating derivative works based on the work as long as all references to Project Gutenberg are removed. Of course, we hope that you will support the Project Gutenberg™ mission of promoting free access to electronic works by freely sharing Project Gutenberg™ works in compliance with the terms of this agreement for keeping the Project Gutenberg™ name associated with the work. You can easily comply with the terms of this agreement by keeping this work in the same format with its attached full Project Gutenberg™ License when you share it without charge with others. 1.D. The copyright laws of the place where you are located also govern what you can do with this work. Copyright laws in most countries are in a constant state of change. If you are outside the United States, check the laws of your country in addition to the terms of this agreement before downloading, copying, displaying, performing, distributing or creating derivative works based on this work or any other Project Gutenberg™ work. The Foundation makes no representations concerning the copyright status of any work in any country other than the United States. 1.E. Unless you have removed all references to Project Gutenberg: 1.E.1. 
The following sentence, with active links to, or other immediate access to, the full Project Gutenberg™ License must appear prominently whenever any copy of a Project Gutenberg™ work (any work on which the phrase “Project Gutenberg” appears, or with which the phrase “Project Gutenberg” is associated) is accessed, displayed, performed, viewed, copied or distributed:
  • 57.
    This eBook isfor the use of anyone anywhere in the United States and most other parts of the world at no cost and with almost no restrictions whatsoever. You may copy it, give it away or re-use it under the terms of the Project Gutenberg License included with this eBook or online at www.gutenberg.org. If you are not located in the United States, you will have to check the laws of the country where you are located before using this eBook. 1.E.2. If an individual Project Gutenberg™ electronic work is derived from texts not protected by U.S. copyright law (does not contain a notice indicating that it is posted with permission of the copyright holder), the work can be copied and distributed to anyone in the United States without paying any fees or charges. If you are redistributing or providing access to a work with the phrase “Project Gutenberg” associated with or appearing on the work, you must comply either with the requirements of paragraphs 1.E.1 through 1.E.7 or obtain permission for the use of the work and the Project Gutenberg™ trademark as set forth in paragraphs 1.E.8 or 1.E.9. 1.E.3. If an individual Project Gutenberg™ electronic work is posted with the permission of the copyright holder, your use and distribution must comply with both paragraphs 1.E.1 through 1.E.7 and any additional terms imposed by the copyright holder. Additional terms will be linked to the Project Gutenberg™ License for all works posted with the permission of the copyright holder found at the beginning of this work. 1.E.4. Do not unlink or detach or remove the full Project Gutenberg™ License terms from this work, or any files containing a part of this work or any other work associated with Project Gutenberg™. 1.E.5. Do not copy, display, perform, distribute or redistribute this electronic work, or any part of this electronic work, without
prominently displaying the sentence set forth in paragraph 1.E.1 with active links or immediate access to the full terms of the Project Gutenberg™ License.

1.E.6. You may convert to and distribute this work in any binary, compressed, marked up, nonproprietary or proprietary form, including any word processing or hypertext form. However, if you provide access to or distribute copies of a Project Gutenberg™ work in a format other than “Plain Vanilla ASCII” or other format used in the official version posted on the official Project Gutenberg™ website (www.gutenberg.org), you must, at no additional cost, fee or expense to the user, provide a copy, a means of exporting a copy, or a means of obtaining a copy upon request, of the work in its original “Plain Vanilla ASCII” or other form. Any alternate format must include the full Project Gutenberg™ License as specified in paragraph 1.E.1.

1.E.7. Do not charge a fee for access to, viewing, displaying, performing, copying or distributing any Project Gutenberg™ works unless you comply with paragraph 1.E.8 or 1.E.9.

1.E.8. You may charge a reasonable fee for copies of or providing access to or distributing Project Gutenberg™ electronic works provided that:

• You pay a royalty fee of 20% of the gross profits you derive from the use of Project Gutenberg™ works calculated using the method you already use to calculate your applicable taxes. The fee is owed to the owner of the Project Gutenberg™ trademark, but he has agreed to donate royalties under this paragraph to the Project Gutenberg Literary Archive Foundation. Royalty payments must be paid within 60 days following each date on which you prepare (or are legally required to prepare) your periodic tax returns. Royalty payments should be clearly marked as such and sent to the Project Gutenberg Literary Archive Foundation at the address specified in Section 4, “Information
about donations to the Project Gutenberg Literary Archive Foundation.”

• You provide a full refund of any money paid by a user who notifies you in writing (or by e-mail) within 30 days of receipt that s/he does not agree to the terms of the full Project Gutenberg™ License. You must require such a user to return or destroy all copies of the works possessed in a physical medium and discontinue all use of and all access to other copies of Project Gutenberg™ works.

• You provide, in accordance with paragraph 1.F.3, a full refund of any money paid for a work or a replacement copy, if a defect in the electronic work is discovered and reported to you within 90 days of receipt of the work.

• You comply with all other terms of this agreement for free distribution of Project Gutenberg™ works.

1.E.9. If you wish to charge a fee or distribute a Project Gutenberg™ electronic work or group of works on different terms than are set forth in this agreement, you must obtain permission in writing from the Project Gutenberg Literary Archive Foundation, the manager of the Project Gutenberg™ trademark. Contact the Foundation as set forth in Section 3 below.

1.F.

1.F.1. Project Gutenberg volunteers and employees expend considerable effort to identify, do copyright research on, transcribe and proofread works not protected by U.S. copyright law in creating the Project Gutenberg™ collection. Despite these efforts, Project Gutenberg™ electronic works, and the medium on which they may be stored, may contain “Defects,” such as, but not limited to, incomplete, inaccurate or corrupt data, transcription errors, a copyright or other intellectual property infringement, a defective or
damaged disk or other medium, a computer virus, or computer codes that damage or cannot be read by your equipment.

1.F.2. LIMITED WARRANTY, DISCLAIMER OF DAMAGES - Except for the “Right of Replacement or Refund” described in paragraph 1.F.3, the Project Gutenberg Literary Archive Foundation, the owner of the Project Gutenberg™ trademark, and any other party distributing a Project Gutenberg™ electronic work under this agreement, disclaim all liability to you for damages, costs and expenses, including legal fees. YOU AGREE THAT YOU HAVE NO REMEDIES FOR NEGLIGENCE, STRICT LIABILITY, BREACH OF WARRANTY OR BREACH OF CONTRACT EXCEPT THOSE PROVIDED IN PARAGRAPH 1.F.3. YOU AGREE THAT THE FOUNDATION, THE TRADEMARK OWNER, AND ANY DISTRIBUTOR UNDER THIS AGREEMENT WILL NOT BE LIABLE TO YOU FOR ACTUAL, DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE OR INCIDENTAL DAMAGES EVEN IF YOU GIVE NOTICE OF THE POSSIBILITY OF SUCH DAMAGE.

1.F.3. LIMITED RIGHT OF REPLACEMENT OR REFUND - If you discover a defect in this electronic work within 90 days of receiving it, you can receive a refund of the money (if any) you paid for it by sending a written explanation to the person you received the work from. If you received the work on a physical medium, you must return the medium with your written explanation. The person or entity that provided you with the defective work may elect to provide a replacement copy in lieu of a refund. If you received the work electronically, the person or entity providing it to you may choose to give you a second opportunity to receive the work electronically in lieu of a refund. If the second copy is also defective, you may demand a refund in writing without further opportunities to fix the problem.

1.F.4. Except for the limited right of replacement or refund set forth in paragraph 1.F.3, this work is provided to you ‘AS-IS’, WITH NO OTHER WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY PURPOSE.

1.F.5. Some states do not allow disclaimers of certain implied warranties or the exclusion or limitation of certain types of damages. If any disclaimer or limitation set forth in this agreement violates the law of the state applicable to this agreement, the agreement shall be interpreted to make the maximum disclaimer or limitation permitted by the applicable state law. The invalidity or unenforceability of any provision of this agreement shall not void the remaining provisions.

1.F.6. INDEMNITY - You agree to indemnify and hold the Foundation, the trademark owner, any agent or employee of the Foundation, anyone providing copies of Project Gutenberg™ electronic works in accordance with this agreement, and any volunteers associated with the production, promotion and distribution of Project Gutenberg™ electronic works, harmless from all liability, costs and expenses, including legal fees, that arise directly or indirectly from any of the following which you do or cause to occur: (a) distribution of this or any Project Gutenberg™ work, (b) alteration, modification, or additions or deletions to any Project Gutenberg™ work, and (c) any Defect you cause.

Section 2. Information about the Mission of Project Gutenberg™

Project Gutenberg™ is synonymous with the free distribution of electronic works in formats readable by the widest variety of computers including obsolete, old, middle-aged and new computers. It exists because of the efforts of hundreds of volunteers and donations from people in all walks of life.

Volunteers and financial support to provide volunteers with the assistance they need are critical to reaching Project Gutenberg™’s goals and ensuring that the Project Gutenberg™ collection will
remain freely available for generations to come. In 2001, the Project Gutenberg Literary Archive Foundation was created to provide a secure and permanent future for Project Gutenberg™ and future generations. To learn more about the Project Gutenberg Literary Archive Foundation and how your efforts and donations can help, see Sections 3 and 4 and the Foundation information page at www.gutenberg.org.

Section 3. Information about the Project Gutenberg Literary Archive Foundation

The Project Gutenberg Literary Archive Foundation is a non-profit 501(c)(3) educational corporation organized under the laws of the state of Mississippi and granted tax exempt status by the Internal Revenue Service. The Foundation’s EIN or federal tax identification number is 64-6221541. Contributions to the Project Gutenberg Literary Archive Foundation are tax deductible to the full extent permitted by U.S. federal laws and your state’s laws.

The Foundation’s business office is located at 809 North 1500 West, Salt Lake City, UT 84116, (801) 596-1887. Email contact links and up to date contact information can be found at the Foundation’s website and official page at www.gutenberg.org/contact

Section 4. Information about Donations to the Project Gutenberg Literary Archive Foundation

Project Gutenberg™ depends upon and cannot survive without widespread public support and donations to carry out its mission of increasing the number of public domain and licensed works that can be freely distributed in machine-readable form accessible by the widest array of equipment including outdated equipment. Many
small donations ($1 to $5,000) are particularly important to maintaining tax exempt status with the IRS.

The Foundation is committed to complying with the laws regulating charities and charitable donations in all 50 states of the United States. Compliance requirements are not uniform and it takes a considerable effort, much paperwork and many fees to meet and keep up with these requirements. We do not solicit donations in locations where we have not received written confirmation of compliance. To SEND DONATIONS or determine the status of compliance for any particular state visit www.gutenberg.org/donate.

While we cannot and do not solicit contributions from states where we have not met the solicitation requirements, we know of no prohibition against accepting unsolicited donations from donors in such states who approach us with offers to donate.

International donations are gratefully accepted, but we cannot make any statements concerning tax treatment of donations received from outside the United States. U.S. laws alone swamp our small staff.

Please check the Project Gutenberg web pages for current donation methods and addresses. Donations are accepted in a number of other ways including checks, online payments and credit card donations. To donate, please visit: www.gutenberg.org/donate.

Section 5. General Information About Project Gutenberg™ electronic works

Professor Michael S. Hart was the originator of the Project Gutenberg™ concept of a library of electronic works that could be freely shared with anyone. For forty years, he produced and distributed Project Gutenberg™ eBooks with only a loose network of volunteer support.
Project Gutenberg™ eBooks are often created from several printed editions, all of which are confirmed as not protected by copyright in the U.S. unless a copyright notice is included. Thus, we do not necessarily keep eBooks in compliance with any particular paper edition.

Most people start at our website which has the main PG search facility: www.gutenberg.org.

This website includes information about Project Gutenberg™, including how to make donations to the Project Gutenberg Literary Archive Foundation, how to help produce our new eBooks, and how to subscribe to our email newsletter to hear about new eBooks.