Apache security (eBook, 2005) [WorldCat.org]
skip to content
Apache security

Apache security

Author: Ivan Ristic
Publisher: Beijing ; Sebastopol, CA : O'Reilly Media, ©2005.
Edition/Format:   eBook : English : 1st edView all editions and formats

An all-purpose guide for locking down Apache arms readers with all the information they need to securely deploy applications. It offers a concise introduction to the theory of securing Apache,  Read more...


(not yet rated) 0 with reviews - Be the first.

More like this

Find a copy online

Links to this item

Find a copy in the library

&AllPage.SpinnerRetrieving; Finding libraries that hold this item...


Additional Physical Format: Print version:
Ristic, Ivan.
Apache security.
Beijing ; Sebastopol, CA : O'Reilly Media, ©2005
(DLC) 2005281426
Material Type: Internet resource
Document Type: Internet Resource, Computer File
All Authors / Contributors: Ivan Ristic
ISBN: 0596007248 9780596007249
OCLC Number: 224768190
Notes: Includes index.
Description: 1 online resource (xxii, 396 pages) : illustrations
Contents: Preface 1. Apache Security Principles Security Definitions Essential Security Principles Common Security Vocabulary Security Process Steps Threat Modeling System-Hardening Matrix Calculating Risk Web Application Architecture Blueprints User View Network View Apache View 2. Installation and Configuration Installation Source or Binary Static Binary or Dynamic Modules Folder Locations Installation Instructions Configuration and Hardening Setting Up the Server User Account Setting Apache Binary File Permissions Configuring Secure Defaults Enabling CGI Scripts Logging Setting Server Configuration Limits Preventing Information Leaks Changing Web Server Identity Changing the Server Header Field Removing Default Content Putting Apache in Jail Tools of the chroot Trade Using chroot to Put Apache in Jail Using the chroot(2) Patch Using mod_security or mod_chroot 3. PHP Installation Using PHP as a Module Using PHP as a CGI Choosing Modules Configuration Disabling Undesirable Options Disabling Functions and Classes Restricting Filesystem Access Setting Logging Options Setting Limits Controlling File Uploads Increasing Session Security Setting Safe Mode Options Advanced PHP Hardening PHP 5 SAPI Input Hooks Hardened-PHP 4. SSL and TLS Cryptography Symmetric Encryption Asymmetric Encryption One-Way Encryption Public-Key Infrastructure How It All Falls into Place SSL SSL Communication Summary Is SSL Secure? OpenSSL Apache and SSL Installing mod_ssl Generating Keys Generating a Certificate Signing Request Signing Your Own Certificate Getting a Certificate Signed by a CA Configuring SSL Setting Up a Certificate Authority Preparing the CA Certificate for Distribution Issuing Server Certificates Issuing Client Certificates Revoking Certificates Using Client Certificates Performance Considerations OpenSSL Benchmark Script Hardware Acceleration 5. Denial of Service Attacks Network Attacks Malformed Traffic Brute-Force Attacks SYN Flood Attacks Source Address Spoofing Distributed Denial of Service Attacks Reflection DoS Attacks Self-Inflicted Attacks Badly Configured Apache Poorly Designed Web Applications Real-Life Client Problems Traffic Spikes Content Compression Bandwidth Attacks Cyber-Activism The Slashdot Effect Attacks on Apache Apache Vulnerabilities Brute-Force Attacks Programming Model Attacks Local Attacks PAM Limits Process Accounting Kernel Auditing Traffic-Shaping Modules DoS Defense Strategy 6. Sharing Servers Sharing Problems File Permission Problems Dynamic-Content Problems Sharing Resources Same Domain Name Problems Information Leaks on Execution Boundaries Distributing Configuration Data Securing Dynamic Requests Enabling Script Execution Setting CGI Script Limits Using suEXEC FastCGI Running PHP as a Module Working with Large Numbers of Users Web Shells Dangerous Binaries 7. Access Control Overview Authentication Methods Basic Authentication Digest Authentication Form-Based Authentication Access Control in Apache Basic Authentication Using Plaintext Files Basic Authentication Using DBM Files Digest Authentication Certificate-Based Access Control Network Access Control Proxy Access Control Final Access Control Notes Single Sign-on Web Single Sign-on Simple Apache-Only Single Sign-on 8. Logging and Monitoring Apache Logging Facilities Request Logging Error Logging Special Logging Modules Audit Log Performance Measurement File Upload Interception Application Logs Logging as Much as Possible Log Manipulation Piped Logging Log Rotation Issues with Log Distribution Remote Logging Manual Centralization Syslog Logging Database Logging Distributed Logging with the Spread Toolkit Logging Strategies Log Analysis Monitoring File Integrity Event Monitoring Web Server Status 9. Infrastructure Application Isolation Strategies Isolating Applications from Servers Isolating Application Modules Utilizing Virtual Servers Host Security Restricting and Securing User Access Deploying Minimal Services Gathering Information and Monitoring Events Securing Network Access Advanced Hardening Keeping Up to Date Network Security Firewall Usage Centralized Logging Network Monitoring External Monitoring Using a Reverse Proxy Apache Reverse Proxy Reverse Proxy by Network Design Reverse Proxy by Redirecting Network Traffic Network Design Reverse Proxy Patterns Advanced Architectures 10. Web Application Security Session Management Attacks Cookies Session Management Concepts Keeping in Touch with Clients Session Tokens Session Attacks Good Practices ttacks on Clients Typical Client Attack Targets Phishing Application Logic Flaws Cookies and Hidden Fields POST Method Referrer Check Flaws Process State Management Client-Side Validation Information Disclosure HTML Source Code Directory Listings Verbose Error Messages Debug Messages File Disclosure Path Traversal Application Download Flaws Source Code Disclosure Predictable File Locations Injection Flaws SQL Injection Cross-Site Scripting Command Execution Code Execution Preventing Injection Attacks Buffer Overflows Evasion Techniques Simple Evasion Techniques Path Obfuscation URL Encoding Unicode Encoding Null-Byte Attacks SQL Evasion Web Application Security Resources General Resources Web Application Security Resources 11. Web Security Assessment Black-Box Testing Information Gathering Web Server Analysis Web Application Analysis Attacks Against Access Control Vulnerability Probing White-Box Testing Architecture Review Configuration Review Functional Review Gray-Box Testing 12. Web Intrusion Detection Evolution of Web Intrusion Detection Is Intrusion Detection the Right Approach? Log-Based Web Intrusion Detection Real-Time Web Intrusion Detection Web Intrusion Detection Features Using mod_security Introduction More Configuration Advice Deployment Guidelines Detecting Common Attacks Advanced Topics Appendix: Tools Index
Responsibility: Ivan Ristic.
More information:


User-contributed reviews
Retrieving GoodReads reviews...
Retrieving DOGObooks reviews...


Be the first.
Confirm this request

You may have already requested this item. Please select Ok if you would like to proceed with this request anyway.

Close Window

Please sign in to WorldCat 

Don't have an account? You can easily create a free account.