Apache Security [Paperback]

by Ivan Ristic
4.8 out of 5 stars (16 customer reviews)



Book Description

March 15, 2005 | ISBN-10: 0596007248 | ISBN-13: 978-0596007249 | Edition: 1
Note: This book is now out of print. A Kindle version published by the author is available from Amazon. For other digital formats (PDF, EPUB, etc), please visit feistyduck.com.

With more than 67% of web servers running Apache, it is by far the most widely used web server platform in the world. Apache has evolved into a powerful system that easily rivals other HTTP servers in terms of functionality, efficiency, and speed. Despite these impressive capabilities, though, Apache is only a beneficial tool if it's a secure one.

To be sure, administrators installing and configuring Apache still need a sure-fire way to secure it, whether it's running a huge e-commerce operation, corporate intranet, or just a small hobby site.

Our new guide, Apache Security, gives administrators and webmasters just what they crave: a comprehensive security source for Apache. Successfully combining Apache administration and web security topics, Apache Security speaks to nearly everyone in the field. What's more, it offers a concise introduction to the theory of securing Apache, as well as a broad perspective on server security in general.

But this book isn't just about theory. The real strength of Apache Security lies in its wealth of interesting and practical advice, with many real-life examples and solutions. Administrators and programmers will learn how to:
  • install and configure Apache
  • prevent denial of service (DoS) and other attacks
  • securely share servers
  • control logging and monitoring
  • secure custom-written web applications
  • conduct a web security assessment
  • use mod_security and other security-related modules
And that's just the tip of the iceberg, as mainstream Apache users will also gain valuable information on PHP and SSL/TLS. Clearly, Apache Security is packed and to the point, with plenty of details for locking down this extremely popular and versatile web server.


Editorial Reviews

About the Author

Ivan Ristic is a security researcher, engineer, and author, known especially for his contributions to the web application firewall field and development of ModSecurity, an open source web application firewall, and for his SSL/TLS and PKI research, tools and guides published on the SSL Labs web site.

He is the author of two books, Apache Security and ModSecurity Handbook, which he publishes via Feisty Duck, his own platform for continuous writing and publishing. Ivan is an active participant in the security community and you'll often find him speaking at security conferences such as Black Hat, RSA, OWASP AppSec, and others. He's currently Director of Application Security Research at Qualys.

Product Details

  • Paperback: 432 pages
  • Publisher: O'Reilly Media; 1 edition (March 15, 2005)
  • Language: English
  • ISBN-10: 0596007248
  • ISBN-13: 978-0596007249
  • Product Dimensions: 9.2 x 7.1 x 0.9 inches
  • Shipping Weight: 1.2 pounds
  • Average Customer Review: 4.8 out of 5 stars (16 customer reviews)
  • Amazon Best Sellers Rank: #880,859 in Books

Customer Reviews

4.8 out of 5 stars (16)
3 star: 0, 2 star: 0, 1 star: 0
Most Helpful Customer Reviews
22 of 23 people found the following review helpful
5.0 out of 5 stars The single best Apache security book in print September 27, 2006
Format:Paperback
I recently received copies of Apache Security (AS) by Ivan Ristic and Preventing Web Attacks with Apache (PWAWA) by Ryan Barnett. I read AS first, then PWAWA. Both are excellent books, but I expect potential readers want to know which is best for them. The following is a radical simplification, and I could honestly recommend readers buy either (or both) books. If you are more concerned with a methodical, comprehensive approach to securing Apache, choose AS. If you want more information on offensive aspects of Web security, choose PWAWA.

Before I go further, I must mention that Ivan Ristic cites me and my books twice, on pages 2 and 229. While humbling, I tried not to let this fact influence my review.

AS is an extremely well-thought-out book. My favorite aspect of AS is the decision to start with a blank httpd.conf file, rather than accepting the file packaged with Apache and making edits as needed. By building up httpd.conf from scratch, the author shows exactly what components are needed in a very clear manner. This was not the approach used by PWAWA. I would like to see other technical books adopt this teaching method.

AS includes better coverage of several topics which I believe are core to securing Apache. I liked AS' discussion of chroot environments and jails, although the author should distinguish between chroot on Linux or BSD and jail on BSD alone. AS features a whole chapter on proper PHP deployment (Ch 3), and a whole chapter on SSL/TLS (Ch 4). AS devotes another chapter to explaining how to host multiple Web sites on one host (Ch 6), which is critical to many Apache environments. AS' chapter on Web infrastructure (Ch 9) also covers topics not found in PWAWA.

AS is also less explicitly Linux-centric than PWAWA.
7 of 7 people found the following review helpful
5.0 out of 5 stars Used every morning with coffee February 4, 2006
Format:Paperback
I recently heard about a new book out that is just about Apache Security written by Ivan Ristic. I haven't ever really found many books on this topic and wondered why since it's such a widely popular web server. Ivan Ristic is well known for being the single man behind an invaluable tool for web servers called mod_security.

So many security related books are very expensive and thousands of pages long, which is great if you have lots of time but no system admin does. Apache Security is both thorough and quick to get through while walking you through the most important issues you'll encounter or never thought about until now.

First off go buy the book, don't bother to read this review at [...] It's really that good. I use it on a daily basis and keep a copy at the office and at home. I advise anyone that owns a server or works with Apache to get this book, you won't be disappointed. It's not for someone that's completely a newbie to web servers, I recommend it more for someone with a bit of experience or advanced user of Linux. Since this isn't a book on dummy installations but about security so you need a basic understanding of file permissions and so on.
7 of 7 people found the following review helpful
5.0 out of 5 stars Comprehensive, task-oriented web security cookbook April 10, 2005
By Kiwi
Format:Paperback
This comprehensive, systematic, task-oriented book covers all the alternative approaches to securing servers -- from secure to paranoid -- complete with examples to demonstrate vulnerabilities such as session management, (JavaScript) cross-site scripting, and SQL injection. Subjects such as hardening PHP, shared-server vulnerabilities, and logging/monitoring, each get a whole chapter. This up-to-date, well-written (concise yet encyclopedic) book will be indispensable to system designers, administrators and programmers.
7 of 8 people found the following review helpful
5.0 out of 5 stars Great book, useful for all Apache users November 3, 2005
Format:Paperback
I thoroughly enjoyed Ivan's "Apache Security", even when I was a reviewer for an unfinished book. I remember how I was eagerly waiting to receive more new chapters from the publisher.

The book contains a nice combination of generic web stuff and Apache stuff. It starts with the discussion of security principles, such as defense-in-depth and minimum access privilege. Although not new, they are useful for those just entering the field, such as for beginner Apache admins.

The chapter on Apache's installation and configuration sounds boring and many might be tempted to skip it. But it does contain a gem: a guide on setting Apache in a chroot jail!

PHP, a main web application platform for Apache at the time of this writing, is covered as well. I found some tips on PHP hardening that I didn't know previously. While the last PHP application I deployed was configured to be 'hackable' (it was a honeypot deployment, after all!), I found the tips to be practical.

One entertaining chapter is on denial-of-service attacks. There are many ways to overwhelm a network server, and Apache is no exception. It's a must-read for those running highly-available sites, where downtime costs a lot.

An important chapter covers Apache access control, from basic auth to single sign-on. Of course, of particular interest to me was a chapter on logging and monitoring, as it is one of my favorite subjects. Ivan did a great job covering not only logging facilities available within the server, but also log centralization, log analysis for security, integrity monitoring and other stuff. Distributed logging with Spread kit is indeed 'cool', just as Ivan mentions.

A brief chapter covers the security of the underlying 'infrastructure', such as the OS that Apache runs on.
Most Recent Customer Reviews
5.0 out of 5 stars The one!
All I can say if you buy one Apache book make sure this is the one. After all securing your Apache installation is the most important thing.
Published on February 22, 2010 by Eric..... NorCal
4.0 out of 5 stars A good reference, but a tad dated now.
I've had the book Apache Security for a while now, so I thought I'd give it a quick review.

Like most O'Reilly books, it's well thought out and fairly complete.
Published on October 2, 2009 by Josh More
5.0 out of 5 stars A very easy read, on what could have been a dry topic
In the almost four years since this book was published the area of security, and of web security in particular has continued to move on at a significant pace.
Published on April 24, 2009 by Brian
5.0 out of 5 stars Crucial reference for Apache web server admins
From my perspective: As a Linux / BSD sysadmin (but Apache httpd novice), I purchased this book a few months ago in hopes of supplementing my Apache learning.
Published on March 12, 2009 by sinbad
5.0 out of 5 stars Much more than just Apache Security
I found this book while browsing the programming section of Borders (the programming section of my local Borders is amazing!), and I've found it to be a real gem.
Published on October 11, 2007 by Ryan Stille
5.0 out of 5 stars super
Thanks a lot, we are very happy to have this book in our library!
Published on March 8, 2007 by Bücherwurm
5.0 out of 5 stars Excellent book...
This book is worth every single dollar. The examples are very clear and also provide invaluable information about security.

A must have for everybody using Apache.
Published on August 1, 2006 by Gerardo Arroyo Arce
5.0 out of 5 stars Review of "Apache Security" by Ivan Ristic
Excellent book. The chapters on PHP and logging are especially useful.
Published on March 1, 2006 by Karl Vogel
5.0 out of 5 stars Not just about Apache security
I'm sure it was tempting for the author to just concentrate on the Apache portions of the web application security world.
Published on June 20, 2005 by Jack D. Herrington
4.0 out of 5 stars more dangerous attacks
Ideally, this book should not exist. Because no one would try to intrude onto your Apache server. Besides, you don't mind a stranger being able to do that anyway, eh?
Published on April 13, 2005 by W Boudville