Information Security Bulletin

New Book: Preventing Web Attacks With Apache

27 Jan 12:12

An end-to-end guide to securing Apache Web servers and Web applications

Apache can be hacked. As companies have improved perimeter security, hackers have increasingly focused on attacking Apache Web servers and Web applications. Firewalls and SSL offer little protection. The Web application environment must be systematically hardened. Preventing Web Attacks with Apache brings together all the information needed to do that: step-by-step guidance, hands-on examples, and tested configuration files.

Building on his SANS presentations on Apache security, Ryan C. Barnett reveals why Web servers represent such a compelling target, how significant exploits are performed, and how they can be defended against. Exploits discussed include: buffer overflows, denial of service, attacks on vulnerable scripts and programs, credential sniffing and spoofing, client parameter manipulation, brute force attacks, web defacements, and more.

Barnett introduces the Center for Internet Security Apache Benchmarks, a set of best-practice Apache security configuration actions and settings he helped to create. He addresses issues related to IT processes and the underlying OS Apache downloading, installation, and configuration application hardening monitoring, and more. He also presents a chapter-length case study using actual Web attack logs and data captured "in the wild."

Among the subjects covered in the book:

Addressing the OS-related flaws most likely to compromise Web server security
Performing security-related tasks needed to safely download, configure, and install Apache
Locking down the Apache httpd.conf file and installing essential Apache security modules
Testing security with the CIS Apache Benchmark Scoring Tool
Using the WASC Web Security Threat Classification to identify and mitigate application threats
Testing Apache mitigation settings against the Buggy Bank Web application
Analysing an Open Web Proxy Honeypot to gather crucial intelligence about attackers
Advanced techniques for detecting and preventing intrusions

Related links: (Open in a new window.)
www.awprofessional.com/bookstore/product.asp?isbn=0321321286&rl=1

View printable version (opens in new window)
Back

Search ISB News:

Not yet sure you want to subscribe? Download a free sample copy!

Download the much quoted October Editorial

Portal Frontpage
Web Editorial
About This Portal
Contact Info

IS Alerts
General News
Product News
Vendor News
People News
Literature
Events
CHI News

Subscribe Online
About ISB
Publishing in ISB
Advertising in ISB
PR Information

In the current issue:

Security Management
The Importance of Adaptability
Steve Purser

From the Trenches
Reversing Perimeter Defences – a Case Study
Søren Maigaard

Security Architectures
The Self Defending Network: New Trends In ICT Security Infrastructures
Drs. Ing. René Pluis

Subscribe Online!