Industrial-Sized Deals Shop all Back to School Shop Men's Hightops Learn more nav_sap_SWP_6M_fly_beacon David Ramirez $5 Off Fire TV Stick Off to College Essentials Shop Popular Services TransparentGGWin TransparentGGWin TransparentGGWin  Amazon Echo Starting at $99 Kindle Voyage Nintendo Digital Games Shop Back to School with Amazon Back to School with Amazon Outdoor Recreation Deal of the Day
Preventing Web Attacks with Apache and over one million other books are available for Amazon Kindle. Learn more
+ $3.99 shipping
Used: Good | Details
Sold by -TextbookRush-
Condition: Used: Good
Comment: All orders ship SAME or NEXT business day. Expedited shipments will be received in 1-5 business days within the United States. We proudly ship to APO/FPO addresses. 100% Satisfaction Guaranteed!
Access codes and supplements are not guaranteed with used items.
  • List Price: $54.99
  • Save: $21.86 (40%)
FREE Shipping on orders over $35.
In Stock.
Ships from and sold by
Gift-wrap available.
Preventing Web Attacks wi... has been added to your Cart
Have one to sell? Sell on Amazon
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Preventing Web Attacks with Apache Paperback – February 6, 2006

7 customer reviews
ISBN-13: 978-0321321282 ISBN-10: 0321321286 Edition: 1st

Buy New
Price: $33.13
14 New from $23.51 24 Used from $0.94
Amazon Price New from Used from
"Please retry"
"Please retry"
$23.51 $0.94
Free Two-Day Shipping for College Students with Amazon Student Free%20Two-Day%20Shipping%20for%20College%20Students%20with%20Amazon%20Student

InterDesign Brand Store Awareness Textbooks
$33.13 FREE Shipping on orders over $35. In Stock. Ships from and sold by Gift-wrap available.

Frequently Bought Together

Preventing Web Attacks with Apache + ModSecurity Handbook: The Complete Guide to the Popular Open Source Web Application Firewall
Price for both: $80.58

Buy the selected items together

Editorial Reviews

From the Back Cover

“Ryan Barnett has raised the bar in terms of running Apache securely. If you run Apache, stop right now and leaf through this book; you need this information.”

–Stephen Northcutt, The SANS Institute


The only end-to-end guide to securing Apache Web servers and Web applications


Apache can be hacked. As companies have improved perimeter security, hackers have increasingly focused on attacking Apache Web servers and Web applications. Firewalls and SSL won’t protect you: you must systematically harden your Web application environment. Preventing Web Attacks with Apache brings together all the information you’ll need to do that: step-by-step guidance, hands-on examples, and tested configuration files.


Building on his groundbreaking SANS presentations on Apache security, Ryan C. Barnett reveals why your Web servers represent such a compelling target, how significant exploits are performed, and how they can be defended against. Exploits discussed include: buffer overflows, denial of service, attacks on vulnerable scripts and programs, credential sniffing and spoofing, client parameter manipulation, brute force attacks, web defacements, and more.


Barnett introduces the Center for Internet Security Apache Benchmarks, a set of best-practice Apache security configuration actions and settings he helped to create. He addresses issues related to IT processes and your underlying OS; Apache downloading, installation, and configuration; application hardening; monitoring, and more. He also presents a chapter-length case study using actual Web attack logs and data captured “in the wild.”


For every sysadmin, Web professional, and security specialist responsible for Apache or Web application security.


With this book, you will learn to

  • Address the OS-related flaws most likely to compromise Web server security
  • Perform security-related tasks needed to safely download, configure, and install Apache
  • Lock down your Apache httpd.conf file and install essential Apache security modules
  • Test security with the CIS Apache Benchmark Scoring Tool
  • Use the WASC Web Security Threat Classification to identify and mitigate application threats
  • Test Apache mitigation settings against the Buggy Bank Web application
  • Analyze an Open Web Proxy Honeypot to gather crucial intelligence about attackers
  • Master advanced techniques for detecting and preventing intrusions

About the Author

Ryan C. Barnett is a chief security officer for EDS. He currently leads both Operations Security and Incident Response Teams for a government bureau in Washington, DC. In addition to his nine-to-five job, Ryan is also a faculty member for the SANS Institute, where his duties include instructor/courseware developer for Apache Security, Top 20 Vulnerabilities team member, and local mentor for the SANS Track 4, “Hacker Techniques, Exploits, and Incident Handling,” course. He holds six SANS Global Information Assurance Certifications (GIAC): Intrusion Analyst (GCIA), Systems and Network Auditor (GSNA), Forensic Analyst (GCFA), Incident Handler (GCIH), Unix Security Administrator (GCUX), and Security Essentials (GSEC). In addition to the SANS Institute, he is also the team lead for the Center for Internet Security Apache Benchmark Project and a member of the Web Application Security Consortium.

See all Editorial Reviews

Best Books of the Month
Best Books of the Month
Want to know our Editors' picks for the best books of the month? Browse Best Books of the Month, featuring our favorite new books in more than a dozen categories.

Product Details

  • Paperback: 624 pages
  • Publisher: Addison-Wesley Professional; 1 edition (February 6, 2006)
  • Language: English
  • ISBN-10: 0321321286
  • ISBN-13: 978-0321321282
  • Product Dimensions: 6.9 x 1.2 x 9.4 inches
  • Shipping Weight: 2.7 pounds (View shipping rates and policies)
  • Average Customer Review: 4.6 out of 5 stars  See all reviews (7 customer reviews)
  • Amazon Best Sellers Rank: #300,126 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

5 star
4 star
3 star
2 star
1 star
See all 7 customer reviews
Share your thoughts with other customers

Most Helpful Customer Reviews

13 of 13 people found the following review helpful By Richard Bejtlich on September 27, 2006
Format: Paperback
I recently received copies of Apache Security (AS) by Ivan Ristic and Preventing Web Attacks with Apache (PWAWA) by Ryan Barnett. I read AS first, then PWAWA. Both are excellent books, but I expect potential readers want to know which is best for them. The following is a radical simplification, and I could honestly recommend readers buy either (or both) books. If you are more concerned with a methodical, comprehensive approach to securing Apache, choose AS. If you want more information on offensive aspects of Web security, choose PWAWA.

Author Ryan Barnett takes a wider look at the world of Web application security than Ivan Ristic. As a result I find their two books very complementary. You'll find coverage of topics in PWAWA that do not appear in AS. For example, Ryan explains how to use the Center for Internet Security Apache Benchmark Scoring Tool to evaluate your httpd.conf file. He uses the Apache Benchmark (ab) application (packaged with Apache) to measure Web server performance characteristics. He uses these tools in before-and-after situations to show how his recommended changes improve the defaults.

I thought PWAWA's coverage of the fundamentals of Web security was not as good as that of AS. That's ok, though, because PWAWA addresses areas not as well covered by AS. For example, PWAWA spends a lot of quality ink on mod_security filters. This is ironic, given that AS author Ivan Ristic coded mod_security! What's impressive about PWAWA's mod_security explanations are the many sample filters. These are developed after discussions of various attack techniques and serve as countermeasures one can implement until a patch is ready.
Read more ›
2 Comments Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
9 of 10 people found the following review helpful By Stephen Northcutt on March 12, 2006
Format: Paperback
I should start with a disclaimer, I know Ryan Barnett and have followed his work through the years. That said, my responsibility as a reviewer is to help you as the reader decide whether to purchase this book, take the time to leaf through the book with the sample pages or Amazon, or to skip this book. I take that responsibility seriously.

If you have nothing to do with Web servers, you can safely skip this book. If you have operations, security or audit responsibilities for an organization that runs Apache and you do not read this book at least twice you are negligent. Please allow me to explain why I say that.

The book introduces the Center for Internet Security benchmark early on. This group, [...] does two things very well, they determine to appropriate security configuration for a number of operating systems, devices, and programs and they produce tools to check the configuration. Wouldn't it make sense to know if your web server is configured properly, on average there are about 1,000 web defacements per day.

There are security books that about things and that is OK, but the best security books tell you how to do things. Ryan takes you through the download, installation and configuration of Apache. The "secret sauce" in the book starts in Chapter 5, where you are introduced to what is possible with the security modules for Apache. If you are an auditor, grab your highlighter, mark the tools and configurations and go pay the web admins a visit! Chapter 8 gives you a scenario to bring everything together. For the average reader, this is about as far as you are going to go.

Beyond Chapter 8, you are in advanced material, where Ryan is sharing the results of years of his research. This is for the security person looking for a bit of an edge to help protect their organization, or to do additional research. This is not a book for everyone, but it is a book for everyone running Apache!
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
5 of 5 people found the following review helpful By W Boudville HALL OF FAMETOP 1000 REVIEWERVINE VOICE on March 5, 2006
Format: Paperback
Apache is the most common web server out there. It has been heavily built up in functionality by volunteer programmers. Naturally, there are numerous books detailing all that you can do with it. Very versatile. Unfortunately, that is one of the problems! As many commercial websites use Apache, there is a huge incentive for crackers to subvert it in various fashions. Perhaps to get at the back end SQL database. In which might be stored useful information like people's names and credit card data.

Barnett offers inoculation. You can read this book as the sysadmin's manual to installing and running Apache. Where the overriding priority is to bolt down any known weaknesses from the get go.

There is a comprehensive list of attacks. Some might not necessarily be directed against Apache per se, but against any web server. But there are others that might scan for particular versions of Apache or the operating system, if these have bugs that can be exploited. The text suggests possibly providing disinformation. In an earlier, more innocent time, a web server might write its name and version at the bottom of a page that it publishes, for example. Now, you are shown how Apache can suppress this. Better yet, you can tell Apache to pretend to be another web server. A defensive fib that makes the cracker's job a little harder.

Buffer overflows, cross site scripting and SQL injection are possibly the most dangerous attacks explained. For each attack, examples are usually given. Followed by Apache countermeasures. Tangentially, you also get to cast scrutiny at your database and at the entire way your multitier server system is arranged.

The book is a sad but necessary commentary on the times we live in.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Set up an Amazon Giveaway

Amazon Giveaway allows you to run promotional giveaways in order to create buzz, reward your audience, and attract new followers and customers. Learn more
Preventing Web Attacks with Apache
This item: Preventing Web Attacks with Apache
Price: $33.13
Ships from and sold by

Want to discover more products? Check out these pages to see more: ebay books, software development, programming languages, software testing, computer security