ModSecurity 2.5

Prevent web application hacking with this easy to use guide

ModSecurity 2.5

Magnus Mischel

1 customer reviews
Prevent web application hacking with this easy to use guide
Packt Subscription
FREE
$8.33/m after trial
eBook
$21.00
RRP $29.99
Save 29%
Print + eBook
$49.99
RRP $49.99
What do I get with a Packt subscription?
  • Exclusive monthly discount - no contract
  • Unlimited access to entire Packt library of 6500+ eBooks and Videos
  • 120 new titles added every month, on new and emerging tech
What do I get with an eBook?
  • Download this book in EPUB, PDF, MOBI formats
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the subscription reader
What do I get with Print & eBook?
  • Get a paperback copy of the book delivered to you
  • Download this book in EPUB, PDF, MOBI formats
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the subscription reader
What do I get with a Video?
  • Download this Video course in MP4 format
  • DRM FREE - read and interact with your content when you want, where you want, and how you want
  • Access this title in the subscription reader
$0.00
$21.00
$49.99
$0 p/m after trial
RRP $29.99
RRP $49.99
Subscription
eBook
Print + eBook
Start 10 Day Trial

Frequently bought together


ModSecurity 2.5 Book Cover
ModSecurity 2.5
$ 29.99
$ 21.00
AJAX and PHP: Building Modern Web Applications 2nd Edition Book Cover
AJAX and PHP: Building Modern Web Applications 2nd Edition
$ 23.99
$ 16.80
Buy 2 for $34.30
Save $19.68
Add to Cart

Book Details

ISBN 139781847194749
Paperback280 pages

Book Description

With more than 67% of web servers running Apache and web-based attacks becoming more and more prevalent, web security has become a critical area for web site managers. Most existing tools work on the TCP/IP level, failing to use the specifics of the HTTP protocol in their operation. Mod_security is a module running on Apache, which will help you overcome the security threats prevalent in the online world.

A complete guide to using ModSecurity, this book will show you how to secure your web application and server, and does so by using real-world examples of attacks currently in use. It will help you learn about SQL injection, cross-site scripting attacks, cross-site request forgeries, null byte attacks, and many more so that you know how attackers operate.
Using clear, step-by-step instructions this book starts by teaching you how to install and set up ModSecurity, before diving into the rule language with examples. It assumes no prior knowledge of ModSecurity, so as long as you are familiar with basic Linux administration, you can start to learn right away.

Real-life case studies are used to illustrate the dangers on the Web today – you will for example learn how the recent worm that hit Twitter works, and how you could have used ModSecurity to stop it in its tracks. The mechanisms behind these and other attacks are described in detail, and you will learn everything you need to know to make sure your server and web application remain unscathed on the increasingly dangerous web. Have you ever wondered how attackers figure out the exact web server version running on a system? They use a technique called HTTP fingerprinting, and you will learn about this in depth and how to defend against it by flying your web server under a "false flag".

The last part of the book shows you how to really lock down a web application by implementing a positive security model that only allows through requests that conform to a specific, pre-approved model, and denying anything that is even the slightest bit out of line.

Table of Contents

What You Will Learn

  • Compile ModSecurity from source and install it on a Linux system
  • Log any anomalous event and use the ModSecurity console to view log data online so that attempted break-ins can be quickly discovered and dealt with
  • Learn how a recent worm disabled Twitter and how it could have been stopped using ModSecurity
  • Guard against web site defacement by having ModSecurity scan for unauthorized changes to your web pages then alert you about issues via email.
  • Locate the geographical position of an attacker using ModSecurity applications
  • Know how attackers operate by learning about SQL injection, cross-site scripting attacks, cross-site request forgeries, null byte attacks, and many more
  • Put Apache in a chroot jail using ModSecurity – no more frustrating hours of tinkering to get everything working as it should
  • Prevent HTTP fingerprinting by flying your Apache server under a false flag
  • Protect against newly discovered vulnerabilities that don't have a vendor-supplied patch, using ModSecurity "just-in-time" patching
  • Prevent the source code of your web application being shown to the world if something goes wrong with your server configuration
  • Discover the real IP address of an attacker using ModSecurity, even if the attacker is behind a proxy server

Authors

Table of Contents

Book Details

ISBN 139781847194749
Paperback280 pages
Read More
From 1 reviews

Read More Reviews

Recommended for You

AJAX and PHP: Building Modern Web Applications 2nd Edition Book Cover
AJAX and PHP: Building Modern Web Applications 2nd Edition
$ 23.99
$ 16.80
Apache Axis2 Web Services, 2nd Edition Book Cover
Apache Axis2 Web Services, 2nd Edition
$ 23.99
$ 16.80
UML 2.0 in Action: A project-based tutorial  Book Cover
UML 2.0 in Action: A project-based tutorial
$ 20.99
$ 14.70
Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide Book Cover
Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
$ 35.99
$ 7.20
Openswan: Building and Integrating Virtual Private Networks Book Cover
Openswan: Building and Integrating Virtual Private Networks
$ 35.99
$ 25.20
SpamAssassin: A practical guide to integration and configuration Book Cover
SpamAssassin: A practical guide to integration and configuration
$ 23.99
$ 16.80