Preventing Web Attacks with Apache

Ryan C. Barnett

  • Publisher: Addison Wesley
  • Publication date: 2006-02-06
  • List price: $1,866
  • Sale price: $1,120
  • Language: English
  • Pages: 624
  • Binding: Paperback
  • ISBN: 0321321286
  • ISBN-13: 9780321321282
  • Related category: Web-server

Product description

Description

“Ryan Barnett has raised the bar in terms of running Apache securely. If you run Apache, stop right now and leaf through this book; you need this information.”

–Stephen Northcutt, The SANS Institute

The only end-to-end guide to securing Apache Web servers and Web applications

Apache can be hacked. As companies have improved perimeter security, hackers have increasingly focused on attacking Apache Web servers and Web applications. Firewalls and SSL won’t protect you: you must systematically harden your Web application environment. Preventing Web Attacks with Apache brings together all the information you’ll need to do that: step-by-step guidance, hands-on examples, and tested configuration files.

Building on his groundbreaking SANS presentations on Apache security, Ryan C. Barnett reveals why your Web servers represent such a compelling target, how significant exploits are performed, and how they can be defended against. Exploits discussed include: buffer overflows, denial of service, attacks on vulnerable scripts and programs, credential sniffing and spoofing, client parameter manipulation, brute force attacks, web defacements, and more.

Barnett introduces the Center for Internet Security Apache Benchmarks, a set of best-practice Apache security configuration actions and settings he helped to create. He addresses issues related to IT processes and your underlying OS; Apache downloading, installation, and configuration; application hardening; monitoring; and more. He also presents a chapter-length case study using actual Web attack logs and data captured “in the wild.”

For every sysadmin, Web professional, and security specialist responsible for Apache or Web application security.

With this book, you will learn to

  • Address the OS-related flaws most likely to compromise Web server security
  • Perform security-related tasks needed to safely download, configure, and install Apache
  • Lock down your Apache httpd.conf file and install essential Apache security modules
  • Test security with the CIS Apache Benchmark Scoring Tool
  • Use the WASC Web Security Threat Classification to identify and mitigate application threats
  • Test Apache mitigation settings against the Buggy Bank Web application
  • Analyze an Open Web Proxy Honeypot to gather crucial intelligence about attackers
  • Master advanced techniques for detecting and preventing intrusions
