An end-to-end guide to securing Apache Web servers and Web applications
Apache can be hacked. As companies have improved perimeter security, hackers have increasingly focused on attacking Apache Web servers and Web applications. Firewalls and SSL offer little protection. The Web application environment must be systematically hardened. Preventing Web Attacks with Apache brings together all the information needed to do that: step-by-step guidance, hands-on examples, and tested configuration files.
Building on his SANS presentations on Apache security, Ryan C. Barnett reveals why Web servers represent such a compelling target, how significant exploits are performed, and how they can be defended against. Exploits discussed include: buffer overflows, denial of service, attacks on vulnerable scripts and programs, credential sniffing and spoofing, client parameter manipulation, brute force attacks, web defacements, and more.
Barnett introduces the Center for Internet Security Apache Benchmarks, a set of best-practice Apache security configuration actions and settings he helped to create. He addresses issues related to IT processes and the underlying OS Apache downloading, installation, and configuration application hardening monitoring, and more. He also presents a chapter-length case study using actual Web attack logs and data captured "in the wild."
Among the subjects covered in the book:
Related links: (Open in a new window.)
www.awprofessional.com/bookstore/product.asp?isbn=0321321286&rl=1
Taken from Information Security Bulletin.