Preventing Web Attacks with Apache

Ryan C. Barnett

582 pages, parution le 20/02/2006

Ajouter à une liste

Indisponible

Résumé

The only end-to-end guide to securing Apache Web servers and Web applications

Apache can be hacked. As companies have improved perimeter security, hackers have increasingly focused on attacking Apache Web servers and Web applications. Firewalls and SSL won't protect you: you must systematically harden your Web application environment. Preventing Web Attacks with Apache brings together all the information you'll need to do that: step-by-step guidance, hands-on examples, and tested configuration files.

Building on his groundbreaking SANS presentations on Apache security, Ryan C. Barnett reveals why your Web servers represent such a compelling target, how significant exploits are performed, and how they can be defended against. Exploits discussed include: buffer overflows, denial of service, attacks on vulnerable scripts and programs, credential sniffing and spoofing, client parameter manipulation, brute force attacks, web defacements, and more.

Barnett introduces the Center for Internet Security Apache Benchmarks, a set of best-practice Apache security configuration actions and settings he helped to create. He addresses issues related to IT processes and your underlying OS; Apache downloading, installation, and configuration; application hardening; monitoring, and more. He also presents a chapter-length case study using actual Web attack logs and data captured "in the wild."

For every sysadmin, Web professional, and security specialist responsible for Apache or Web application security.

With this book, you will learn to

Address the OS-related flaws most likely to compromise Web server security
Perform security-related tasks needed to safely download, configure, and install Apache
Lock down your Apache httpd.conf file and install essential Apache security modules
Test security with the CIS Apache Benchmark Scoring Tool
Use the WASC Web Security Threat Classification to identify and mitigate application threats
Test Apache mitigation settings against the Buggy Bank Web application
Analyze an Open Web Proxy Honeypot to gather crucial intelligence about attackers
Master advanced techniques for detecting and preventing intrusions

Sommaire

Web Insecurity Contributing Factors
CIS Apache Benchmark
Downloading and Installing Apache
Configuring the httpd.conf File
Essential Security Modules for Apache
Using the Center for Internet Security Apache
Mitigating the WASC Web Security Threat Classification with Apache
Protecting a Flawed Web Application: Buggy Bank
Prevention and Countermeasures
Open Web Proxy Honeypot
Putting It All Together
A Web Application Security Consortium Glossary
B Apache Module Listing
C Example httpd.conf File

Voir tout

Replier

Caractéristiques techniques

	PAPIER
Éditeur(s)	Addison Wesley
Auteur(s)	Ryan C. Barnett
Parution	20/02/2006
Nb. de pages	582
Format	17,5 x 23,5
Couverture	Broché
Poids	870g
Intérieur	Noir et Blanc
EAN13	9780321321282
ISBN13	978-0-321-32128-2