Preventing Web Attacks with Apache

Ryan C. Barnett

  • Publisher: Addison Wesley
  • Publication date: 2006-02-06
  • List price: $1,866
  • Sale price: $1,120 (60% of list price)
  • Language: English
  • Pages: 624
  • Binding: Paperback
  • ISBN: 0321321286
  • ISBN-13: 9780321321282
  • Related category: Web server

Description

“Ryan Barnett has raised the bar in terms of running Apache securely. If you run Apache, stop right now and leaf through this book; you need this information.”

–Stephen Northcutt, The SANS Institute

 

The only end-to-end guide to securing Apache Web servers and Web applications

 

Apache can be hacked. As companies have improved perimeter security, hackers have increasingly focused on attacking Apache Web servers and Web applications. Firewalls and SSL won’t protect you: you must systematically harden your Web application environment. Preventing Web Attacks with Apache brings together all the information you’ll need to do that: step-by-step guidance, hands-on examples, and tested configuration files.

 

Building on his groundbreaking SANS presentations on Apache security, Ryan C. Barnett reveals why your Web servers represent such a compelling target, how significant exploits are performed, and how they can be defended against. Exploits discussed include: buffer overflows, denial of service, attacks on vulnerable scripts and programs, credential sniffing and spoofing, client parameter manipulation, brute force attacks, web defacements, and more.

 

Barnett introduces the Center for Internet Security Apache Benchmarks, a set of best-practice Apache security configuration actions and settings he helped to create. He addresses issues related to IT processes and your underlying OS; Apache downloading, installation, and configuration; application hardening; monitoring, and more. He also presents a chapter-length case study using actual Web attack logs and data captured “in the wild.”

 

For every sysadmin, Web professional, and security specialist responsible for Apache or Web application security.

 

With this book, you will learn to

  • Address the OS-related flaws most likely to compromise Web server security
  • Perform security-related tasks needed to safely download, configure, and install Apache
  • Lock down your Apache httpd.conf file and install essential Apache security modules
  • Test security with the CIS Apache Benchmark Scoring Tool
  • Use the WASC Web Security Threat Classification to identify and mitigate application threats
  • Test Apache mitigation settings against the Buggy Bank Web application
  • Analyze an Open Web Proxy Honeypot to gather crucial intelligence about attackers
  • Master advanced techniques for detecting and preventing intrusions

 

 
