Apache Security - Brossura

Ristic, Ivan

3,74

34 valutazioni di Goodreads

Brossura

ISBN 10: 0596007248 ISBN 13: 9780596007249

Casa editrice: Oreilly & Associates Inc, 2005

Vedi tutte le copie di questo ISBN:

With more than 67% of web servers running Apache, it is by far the most widely used web server platform in the world. Apache has evolved into a powerful system that easily rivals other HTTP servers in terms of functionality, efficiency, and speed. Despite these impressive capabilities, though, Apache is only a beneficial tool if it's a secure one.To be sure, administrators installing and configuring Apache still need a sure-fire way to secure it--whether it's running a huge e-commerce operation, corporate intranet, or just a small hobby site.Our new guide, Apache Security, gives administrators and webmasters just what they crave--a comprehensive security source for Apache. Successfully combining Apache administration and web security topics, Apache Security speaks to nearly everyone in the field. What's more, it offers a concise introduction to the theory of securing Apache, as well as a broad perspective on server security in general.But this book isn't just about theory. The real strength of Apache Security lies in its wealth of interesting and practical advice, with many real-life examples and solutions. Administrators and programmers will learn how to:

install and configure Apache
prevent denial of service (DoS) and other attacks
securely share servers
control logging and monitoring
secure custom-written web applications
conduct a web security assessment
use mod_security and other security-related modules

And that's just the tip of the iceberg, as mainstream Apache users will also gain valuable information on PHP and SSL/ TLS. Clearly, Apache Security is packed and to the point, with plenty of details for locking down this extremely popular and versatile web server.

Le informazioni nella sezione "Riassunto" possono far riferimento a edizioni diverse di questo titolo.

L'autore:

Ivan Ristic is a web security specialist and the author of of ModSecurity, an open source intrusion detection and prevention engine for web applications. He is the founder of Thinking Stone, which offers products and services related to web application security. Ivan spends his time thinking about web application security, web intrusion detection, and security patterns. Prior to moving to the computer security field, Ivan spent a number of years working as a developer, system architect, and technical director in the software development industry.

Ivan wrote Apache Security for O'Reilly, a concise yet comprehensive web security guide for administrators, system architects, and programmers. An active participant in the web application security community, Ivan is a member of the Web Application Security Consortium, OASIS, and the PHP Security Consortium.

Contenuti:

Dedication; Preface; Audience; Scope; Contents of This Book; Online Companion; Conventions Used in This Book; Using Code Examples; We'd Like to Hear from You; Safari Enabled; Acknowledgments; Chapter 1: Apache Security Principles; 1.1 Security Definitions; 1.2 Web Application Architecture Blueprints; Chapter 2: Installation and Configuration; 2.1 Installation; 2.2 Configuration and Hardening; 2.3 Changing Web Server Identity; 2.4 Putting Apache in Jail; Chapter 3: PHP; 3.1 Installation; 3.2 Configuration; 3.3 Advanced PHP Hardening; Chapter 4: SSL and TLS; 4.1 Cryptography; 4.2 SSL; 4.3 OpenSSL; 4.4 Apache and SSL; 4.5 Setting Up a Certificate Authority; 4.6 Performance Considerations; Chapter 5: Denial of Service Attacks; 5.1 Network Attacks; 5.2 Self-Inflicted Attacks; 5.3 Traffic Spikes; 5.4 Attacks on Apache; 5.5 Local Attacks; 5.6 Traffic-Shaping Modules; 5.7 DoS Defense Strategy; Chapter 6: Sharing Servers; 6.1 Sharing Problems; 6.2 Distributing Configuration Data; 6.3 Securing Dynamic Requests; 6.4 Working with Large Numbers of Users; Chapter 7: Access Control; 7.1 Overview; 7.2 Authentication Methods; 7.3 Access Control in Apache; 7.4 Single Sign-on; Chapter 8: Logging and Monitoring; 8.1 Apache Logging Facilities; 8.2 Log Manipulation; 8.3 Remote Logging; 8.4 Logging Strategies; 8.5 Log Analysis; 8.6 Monitoring; Chapter 9: Infrastructure; 9.1 Application Isolation Strategies; 9.2 Host Security; 9.3 Network Security; 9.4 Using a Reverse Proxy; 9.5 Network Design; Chapter 10: Web Application Security; 10.1 Session Management Attacks; 10.2 Attacks on Clients; 10.3 Application Logic Flaws; 10.4 Information Disclosure; 10.5 File Disclosure; 10.6 Injection Flaws; 10.7 Buffer Overflows; 10.8 Evasion Techniques; 10.9 Web Application Security Resources; Chapter 11: Web Security Assessment; 11.1 Black-Box Testing; 11.2 White-Box Testing; 11.3 Gray-Box Testing; Chapter 12: Web Intrusion Detection; 12.1 Evolution of Web Intrusion Detection; 12.2 Using mod_security; Appendix A: Tools; A.1 Learning Environments; A.2 Information-Gathering Tools; A.3 Network-Level Tools; A.4 Web Security Scanners; A.5 Web Application Security Tools; A.6 HTTP Programming Libraries; Colophon;

Le informazioni nella sezione "Su questo libro" possono far riferimento a edizioni diverse di questo titolo.