Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.

  • Apple
  • Android
  • Windows Phone
  • Android

To get the free app, enter your mobile phone number.

Preventing Web Attacks with Apache 1st Edition

4.6 out of 5 stars 7 customer reviews
ISBN-13: 978-0321321282
ISBN-10: 0321321286
Why is ISBN important?
ISBN
This bar-code number lets you verify that you're getting exactly the right version or edition of a book. The 13-digit and 10-digit formats both work.
Scan an ISBN with your phone
Use the Amazon App to scan ISBNs and compare prices.
Have one to sell? Sell on Amazon
Buy used On clicking this link, a new layer will be open
$22.94 On clicking this link, a new layer will be open
Buy new On clicking this link, a new layer will be open
$46.74 On clicking this link, a new layer will be open
More Buying Choices
15 New from $19.00 28 Used from $2.15
Free Two-Day Shipping for College Students with Prime Student Free%20Two-Day%20Shipping%20for%20College%20Students%20with%20Amazon%20Student


The Numberlys Best Books of the Year So Far
$46.74 FREE Shipping. In Stock. Ships from and sold by Amazon.com. Gift-wrap available.
click to open popover

Frequently Bought Together

  • Preventing Web Attacks with Apache
  • +
  • ModSecurity Handbook: The Complete Guide to the Popular Open Source Web Application Firewall
Total price: $96.69
Buy the selected items together

Editorial Reviews

From the Back Cover

“Ryan Barnett has raised the bar in terms of running Apache securely. If you run Apache, stop right now and leaf through this book; you need this information.”

–Stephen Northcutt, The SANS Institute

 

The only end-to-end guide to securing Apache Web servers and Web applications

 

Apache can be hacked. As companies have improved perimeter security, hackers have increasingly focused on attacking Apache Web servers and Web applications. Firewalls and SSL won’t protect you: you must systematically harden your Web application environment. Preventing Web Attacks with Apache brings together all the information you’ll need to do that: step-by-step guidance, hands-on examples, and tested configuration files.

 

Building on his groundbreaking SANS presentations on Apache security, Ryan C. Barnett reveals why your Web servers represent such a compelling target, how significant exploits are performed, and how they can be defended against. Exploits discussed include: buffer overflows, denial of service, attacks on vulnerable scripts and programs, credential sniffing and spoofing, client parameter manipulation, brute force attacks, web defacements, and more.

 

Barnett introduces the Center for Internet Security Apache Benchmarks, a set of best-practice Apache security configuration actions and settings he helped to create. He addresses issues related to IT processes and your underlying OS; Apache downloading, installation, and configuration; application hardening; monitoring, and more. He also presents a chapter-length case study using actual Web attack logs and data captured “in the wild.”

 

For every sysadmin, Web professional, and security specialist responsible for Apache or Web application security.

 

With this book, you will learn to

  • Address the OS-related flaws most likely to compromise Web server security
  • Perform security-related tasks needed to safely download, configure, and install Apache
  • Lock down your Apache httpd.conf file and install essential Apache security modules
  • Test security with the CIS Apache Benchmark Scoring Tool
  • Use the WASC Web Security Threat Classification to identify and mitigate application threats
  • Test Apache mitigation settings against the Buggy Bank Web application
  • Analyze an Open Web Proxy Honeypot to gather crucial intelligence about attackers
  • Master advanced techniques for detecting and preventing intrusions

About the Author

Ryan C. Barnett is a chief security officer for EDS. He currently leads both Operations Security and Incident Response Teams for a government bureau in Washington, DC. In addition to his nine-to-five job, Ryan is also a faculty member for the SANS Institute, where his duties include instructor/courseware developer for Apache Security, Top 20 Vulnerabilities team member, and local mentor for the SANS Track 4, “Hacker Techniques, Exploits, and Incident Handling,” course. He holds six SANS Global Information Assurance Certifications (GIAC): Intrusion Analyst (GCIA), Systems and Network Auditor (GSNA), Forensic Analyst (GCFA), Incident Handler (GCIH), Unix Security Administrator (GCUX), and Security Essentials (GSEC). In addition to the SANS Institute, he is also the team lead for the Center for Internet Security Apache Benchmark Project and a member of the Web Application Security Consortium.

NO_CONTENT_IN_FEATURE

The latest book club pick from Oprah
"The Underground Railroad" by Colson Whitehead is a magnificent novel chronicling a young slave's adventures as she makes a desperate bid for freedom in the antebellum South. See more

Product Details

  • Paperback: 624 pages
  • Publisher: Addison-Wesley Professional; 1 edition (February 6, 2006)
  • Language: English
  • ISBN-10: 0321321286
  • ISBN-13: 978-0321321282
  • Product Dimensions: 7 x 1.7 x 9.1 inches
  • Shipping Weight: 2.7 pounds (View shipping rates and policies)
  • Average Customer Review: 4.6 out of 5 stars  See all reviews (7 customer reviews)
  • Amazon Best Sellers Rank: #1,866,699 in Books (See Top 100 in Books)

Customer Reviews

5 star
57%
4 star
43%
3 star
0%
2 star
0%
1 star
0%
See all 7 customer reviews
Share your thoughts with other customers

Top Customer Reviews

By Christos Partsenidis on April 11, 2006
Format: Paperback
According to Netcraft's latest Website Server Survey (February 2006), over 68% of internet websites are hosted on Apache servers. This presents a large group of potential targets for malicious attacks.

'Preventing Web Attacks with Apache' attempts to provide a comprehensive treatment of the thorny area of web server security with the sole emphasis being on Apache. Initial doubts about the viability of a 500 page treatise on securing an Apache server were dispelled by the in-depth and thorough approach of the author.

The book kicks off by exposing common misconceptions about web server security. For example, the fact that web servers need to have ports 80 (http) and 443 (SSL) open in order to function properly means that the effectiveness of security measures such as firewalls, DMZs and intrusion detection systems is somewhat diminished.

The proper configuration of the underlying operating system is then highlighted as the first line of defence. Issues such as the timely application of vendor patches, disabling of non-essential services, user management and proper application of file permissions are addressed.

At this stage it is necessary to note that the author has tailored the book specifically to cater for the 2.0 version fork of Apache as opposed to the 1.3 version. This is in spite of the fact that the 1.3 legacy version holds the majority of market share. His reason is that the version 2.0 fork contains a number of new security features, amongst other improvements, which make it easier to secure. Therefore users of the 1.3 version will need to take this into account when reading the book.
Read more ›
Comment 3 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback
This book is a well written, in depth, look into the security issues around Apache and applications developed on top of Apache. The content is relevant, well explained, and very useful to both applications engineers and network security folks. Definitely a must read for those looking to deploy high load applications on the open Internet.
Comment 2 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback Verified Purchase
It's a good book. I'm glad to have it. But I'm only giving it 4 stars, not 5. To me - not as mind blowing as some of the other people have said. I found some information not useful, but the other half is quite useful and going through the whole book is giving me confidence in my servers.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback
Thanks a lot, we are very happy to have this book in our library!
Comment One person found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse

Set up an Amazon Giveaway

Preventing Web Attacks with Apache
Amazon Giveaway allows you to run promotional giveaways in order to create buzz, reward your audience, and attract new followers and customers. Learn more about Amazon Giveaway
This item: Preventing Web Attacks with Apache

Pages with Related Products. See and discover other items: ebay books, computer security, computing