"Ryan Barnett has raised the bar in terms of running Apache securely. If you run Apache, stop right now and leaf through this book; you need this information." --Stephen Northcutt, The SANS Institute The only end-to-end guide to securing Apache Web servers and Web applications Apache can be hacked. As companies have improved perimeter security, hackers have increasingly focused on attacking Apache Web servers and Web applications. Firewalls and SSL won't protect you: you must systematically harden your Web application environment. Preventing Web Attacks with Apache brings together all the information you'll need to do that: step-by-step guidance, hands-on examples, and tested configuration files. Building on his groundbreaking SANS presentations on Apache security, Ryan C. Barnett reveals why your Web servers represent such a compelling target, how significant exploits are performed, and how they can be defended against. Exploits discussed include: buffer overflows, denial of service, attacks on vulnerable scripts and programs, credential sniffing and spoofing, client parameter manipulation, brute force attacks, web defacements, and more.Barnett introduces the Center for Internet Security Apache Benchmarks, a set of best-practice Apache security configuration actions and settings he helped to create. He addresses issues related to IT processes and your underlying OS; Apache downloading, installation, and configuration; application hardening; monitoring, and more. He also presents a chapter-length case study using actual Web attack logs and data captured "in the wild." For every sysadmin, Web professional, and security specialist responsible for Apache or Web application security. With this book, you will learn to *Address the OS-related flaws most likely to compromise Web server security *Perform security-related tasks needed to safely download, configure, and install Apache *Lock down your Apache httpd.conf file and install essential Apache security modules *Test security with the CIS Apache Benchmark Scoring Tool *Use the WASC Web Security Threat Classification to identify and mitigate application threats *Test Apache mitigation settings against the Buggy Bank Web application *Analyze an Open Web Proxy Honeypot to gather crucial intelligence about attackers *Master advanced techniques for detecting and preventing intrusionsAbout the Author:
Ryan C. Barnett is a chief security officer for EDS. He currently leads both Operations Security and Incident Response Teams for a government bureau in Washington, DC. In addition to his nine-to-five job, Ryan is also a faculty member for the SANS Institute, where his duties include instructor/courseware developer for Apache Security, Top 20 Vulnerabilities team member, and local mentor for the SANS Track 4, "Hacker Techniques, Exploits, and Incident Handling," course. He holds six SANS Global Information Assurance Certifications (GIAC): Intrusion Analyst (GCIA), Systems and Network Auditor (GSNA), Forensic Analyst (GCFA), Incident Handler (GCIH), Unix Security Administrator (GCUX), and Security Essentials (GSEC). In addition to the SANS Institute, he is also the team lead for the Center for Internet Security Apache Benchmark Project and a member of the Web Application Security Consortium.
"Sobre este título" puede pertenecer a otra edición de este libro.
Descripción Addison-Wesley Professional. PAPERBACK. Estado de conservación: New. 0321321286. Nº de ref. de la librería HGT2318DBCM090916H0813
Descripción Addison-Wesley Professional, 2006. Paperback. Estado de conservación: New. Nº de ref. de la librería mon0000154379
Descripción Addison-Wesley Professional, 2006. Estado de conservación: New. Brand New, Unread Copy in Perfect Condition. A+ Customer Service! Summary: Introduction 1 Web Insecurity Contributing Factors 2 CIS Apache Benchmark 3 Downloading and Installing Apache 4 Configuring the httpd.conf File 5 Essential Security Modules for Apache 6 Using the Center for Internet Security Apache Benchmark Scoring Tool 7 Mitigating the WASC Web Security Threat Classification with Apache 8 Protecting a Flawed Web Application: Buggy Bank 9 Prevention and Countermeasures 10 Open Web Proxy Honeypot 11 Putting It All Together Appendix A WASC Glossary Appendix B Apache Module Listing Appendix C Example httpd.conf file. Nº de ref. de la librería ABE_book_new_0321321286
Descripción Addison-Wesley Professional, 2006. Paperback. Estado de conservación: New. book. Nº de ref. de la librería 0321321286
Descripción Prentice Hall. Estado de conservación: New. Brand New. Nº de ref. de la librería 0321321286
Descripción Estado de conservación: Brand New. Book Condition: Brand New. Nº de ref. de la librería 97803213212821.0
Descripción Addison-Wesley Professional, 2006. Paperback. Estado de conservación: New. 1. Nº de ref. de la librería DADAX0321321286
Descripción Addison-Wesley Professional, 2006. Paperback. Estado de conservación: New. Nº de ref. de la librería P110321321286
Descripción Addison-Wesley Professional, 2006. Estado de conservación: New. Brand new! Please provide a physical shipping address. Nº de ref. de la librería 9780321321282
Descripción Addison-Wesley Professional. PAPERBACK. Estado de conservación: New. 0321321286 New Condition. Nº de ref. de la librería NEW6.0148626