With more than 67% of web servers running Apache, it is by far the most widely used web server platform in the world. Apache has evolved into a powerful system that easily rivals other HTTP servers in terms of functionality, efficiency, and speed. Despite these impressive capabilities, though, Apache is only a beneficial tool if it's a secure one.To be sure, administrators installing and configuring Apache still need a sure-fire way to secure it--whether it's running a huge e-commerce operation, corporate intranet, or just a small hobby site.Our new guide, Apache Security, gives administrators and webmasters just what they crave--a comprehensive security source for Apache. Successfully combining Apache administration and web security topics, Apache Security speaks to nearly everyone in the field. What's more, it offers a concise introduction to the theory of securing Apache, as well as a broad perspective on server security in general.But this book isn't just about theory. The real strength of Apache Security lies in its wealth of interesting and practical advice, with many real-life examples and solutions. Administrators and programmers will learn how to:
Ivan Ristic is a web security specialist and the author of of ModSecurity, an open source intrusion detection and prevention engine for web applications. He is the founder of Thinking Stone, which offers products and services related to web application security. Ivan spends his time thinking about web application security, web intrusion detection, and security patterns. Prior to moving to the computer security field, Ivan spent a number of years working as a developer, system architect, and technical director in the software development industry.
Ivan wrote Apache Security for O'Reilly, a concise yet comprehensive web security guide for administrators, system architects, and programmers. An active participant in the web application security community, Ivan is a member of the Web Application Security Consortium, OASIS, and the PHP Security Consortium.
Dedication; Preface; Audience; Scope; Contents of This Book; Online Companion; Conventions Used in This Book; Using Code Examples; We'd Like to Hear from You; Safari Enabled; Acknowledgments; Chapter 1: Apache Security Principles; 1.1 Security Definitions; 1.2 Web Application Architecture Blueprints; Chapter 2: Installation and Configuration; 2.1 Installation; 2.2 Configuration and Hardening; 2.3 Changing Web Server Identity; 2.4 Putting Apache in Jail; Chapter 3: PHP; 3.1 Installation; 3.2 Configuration; 3.3 Advanced PHP Hardening; Chapter 4: SSL and TLS; 4.1 Cryptography; 4.2 SSL; 4.3 OpenSSL; 4.4 Apache and SSL; 4.5 Setting Up a Certificate Authority; 4.6 Performance Considerations; Chapter 5: Denial of Service Attacks; 5.1 Network Attacks; 5.2 Self-Inflicted Attacks; 5.3 Traffic Spikes; 5.4 Attacks on Apache; 5.5 Local Attacks; 5.6 Traffic-Shaping Modules; 5.7 DoS Defense Strategy; Chapter 6: Sharing Servers; 6.1 Sharing Problems; 6.2 Distributing Configuration Data; 6.3 Securing Dynamic Requests; 6.4 Working with Large Numbers of Users; Chapter 7: Access Control; 7.1 Overview; 7.2 Authentication Methods; 7.3 Access Control in Apache; 7.4 Single Sign-on; Chapter 8: Logging and Monitoring; 8.1 Apache Logging Facilities; 8.2 Log Manipulation; 8.3 Remote Logging; 8.4 Logging Strategies; 8.5 Log Analysis; 8.6 Monitoring; Chapter 9: Infrastructure; 9.1 Application Isolation Strategies; 9.2 Host Security; 9.3 Network Security; 9.4 Using a Reverse Proxy; 9.5 Network Design; Chapter 10: Web Application Security; 10.1 Session Management Attacks; 10.2 Attacks on Clients; 10.3 Application Logic Flaws; 10.4 Information Disclosure; 10.5 File Disclosure; 10.6 Injection Flaws; 10.7 Buffer Overflows; 10.8 Evasion Techniques; 10.9 Web Application Security Resources; Chapter 11: Web Security Assessment; 11.1 Black-Box Testing; 11.2 White-Box Testing; 11.3 Gray-Box Testing; Chapter 12: Web Intrusion Detection; 12.1 Evolution of Web Intrusion Detection; 12.2 Using mod_security; Appendix A: Tools; A.1 Learning Environments; A.2 Information-Gathering Tools; A.3 Network-Level Tools; A.4 Web Security Scanners; A.5 Web Application Security Tools; A.6 HTTP Programming Libraries; Colophon;
Le informazioni nella sezione "Su questo libro" possono far riferimento a edizioni diverse di questo titolo.
Descrizione libro Paperback. Condizione libro: New. New. Softcover book, 1st Edition. (Read Description Before Buying), This is an international Edition. Black and White Book. ISBN or covers May Be Different From US Edition. Book may have Restricted Sales Disclaimer Wordings printed on cover. Books May Be Shipped From Overseas as per stock status. Codice libro della libreria 760548
Descrizione libro Paperback. Condizione libro: New. Softcover Book, Condition: New. 1st Edition. [Please Read Carefully Before Buying], This Is An International Edition. Printed In Black and White. 432 Pages, Book Cover And ISBN No May Be Different From US Edition. Restricted Sales Disclaimer Wordings Not For Sales In USA And Canada May Be Printed On The Cover Of The Book. Standard Shipping 7-14 Business Days. Expedited Shiping 4-8 Business Days. ***WE DO NOT ENTERTAIN BULK ORDERS.*** The Books May Be Ship From Overseas For Inventory Purpose. Codice libro della libreria 505255
Descrizione libro Paperback. Condizione libro: New. New Softcover International Edition, Printed in Black and White, Different ISBN, Same Content As US edition, Book Cover may be Different, in English Language. Codice libro della libreria 32210
Descrizione libro O'Reilly Media, 2005. Paperback. Condizione libro: New. Codice libro della libreria P110596007248
Descrizione libro O'Reilly Media. PAPERBACK. Condizione libro: New. 0596007248 New Condition. Codice libro della libreria NEW6.0310637
Descrizione libro O'Reilly Media, 2005. Paperback. Condizione libro: New. 1. Codice libro della libreria DADAX0596007248