REVIEW: "Preventing Web Attacks with Apache", Ryan C. Barnett
- BKPRWAWA.RVW 20060913
"Preventing Web Attacks with Apache", Ryan C. Barnett, 2006,
%A Ryan C. Barnett
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%I Addison-Wesley Publishing Co.
%O U$49.99/C$66.99 416-447-5101 fax: 416-443-0948
%O Audience a- Tech 2 Writing 2 (see revfaq.htm for explanation)
%P 582 p.
%T "Preventing Web Attacks with Apache"
Chapter one notes that there have been many attacks against Web
servers and the applications running on them. It also lists the
common excuses presented for a lack of security preparation (and
assesses the weakness of those arguments). Hardening of the (UNIX)
operating system, and network operating system, in order to establish
a trusted computing base for the Web server application, are dealt
with in chapter two. Initial installation of the Apache software is
covered in chapter three. Chapter four reviews the configuration
file, and properly secure settings and options. Security related
modules in the Apache suite are discussed in chapter five. Chapter
six reviews the Center for Internet Security Apache security benchmark
tool. The Web Application Security Consortium (WASC) threat
classification system is described, in chapter seven, with specific
reference to Apache countermeasures against these attacks. (The
material provides nice explanations and examples of a variety of
exploits.) Buggy Bank, an intentionally flawed e-commerce application
that provides practice in hardening a Web server, is outlined in
chapter eight. Chapter nine looks at various countermeasures and
controls that can be applied to Web servers and sites, noting
strengths and weaknesses, and also noting which work most effectively,
as well as which can be implemented via Apache functions. If you'd
like to do primary research and gather information on attacks and the
level of threat to Web servers, chapter ten details the settings and
requirements for using Apache to set up a honeypot server. Chapter
eleven finishes off with basic advice on issues such as patch
management, and also broadens the discussion to some fundamental
concerns in Internet security measures.
A helpful guide for those using Apache.
copyright Robert M. Slade, 2006 BKPRWAWA.RVW 20060913
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... slade@... rslade@...
Gourmet coffee shops -- just what we need ... a place where
people who talk too much anyway can go for caffeine.
Dictionary of Information Security www.syngress.com/catalog/?pid=4150