Table Of Content

Apache Security Table of Contents SPECIAL OFFER: Upgrade this ebook with O’Reilly Preface Audience Scope Contents of This Book Online Companion Conventions Used in This Book Programming Conventions Typesetting Conventions Using Code Examples We'd Like to Hear from You Safari Enabled Acknowledgments 1. Apache Security Principles 1.1. Security Definitions 1.1.1. Essential Security Principles 1.1.2. Common Security Vocabulary 1.1.3. Security Process Steps 1.1.4. Threat Modeling 1.1.5. System-Hardening Matrix 1.1.6. Calculating Risk 1.2. Web Application Architecture Blueprints 1.2.1. User View 1.2.2. Network View 1.2.3. Apache View 2. Installation and Configuration 2.1. Installation 2.1.1. Source or Binary 2.1.2. Static Binary or Dynamic Modules 2.1.3. Folder Locations 2.1.4. Installation Instructions 2.2. Configuration and Hardening 2.2.1. Setting Up the Server User Account 2.2.2. Setting Apache Binary File Permissions 2.2.3. Configuring Secure Defaults 2.2.4. Enabling CGI Scripts 2.2.5. Logging 2.2.6. Setting Server Configuration Limits 2.2.7. Preventing Information Leaks 2.3. Changing Web Server Identity 2.3.1. Changing the Server Header Field 2.3.2. Removing Default Content 2.4. Putting Apache in Jail 2.4.1. Tools of the chroot Trade 2.4.2. Using chroot to Put Apache in Jail 2.4.3. Using the chroot(2) Patch 2.4.4. Using mod_security or mod_chroot 3. PHP 3.1. Installation 3.1.1. Using PHP as a Module 3.1.2. Using PHP as a CGI 3.1.3. Choosing Modules 3.2. Configuration 3.2.1. Disabling Undesirable Options 3.2.2. Disabling Functions and Classes 3.2.3. Restricting Filesystem Access 3.2.4. Setting Logging Options 3.2.5. Setting Limits 3.2.6. Controlling File Uploads 3.2.7. Increasing Session Security 3.2.8. Setting Safe Mode Options 3.3. Advanced PHP Hardening 3.3.1. PHP 5 SAPI Input Hooks 3.3.2. Hardened-PHP 4. SSL and TLS 4.1. Cryptography 4.1.1. Symmetric Encryption 4.1.2. Asymmetric Encryption 4.1.3. One-Way Encryption 4.1.4. Public-Key Infrastructure 4.1.5. How It All Falls into Place 4.2. SSL 4.2.1. SSL Communication Summary 4.2.2. Is SSL Secure? 4.3. OpenSSL 4.4. Apache and SSL 4.4.1. Installing mod_ssl 4.4.2. Generating Keys 4.4.3. Generating a Certificate Signing Request 4.4.4. Signing Your Own Certificate 4.4.5. Getting a Certificate Signed by a CA 4.4.6. Configuring SSL 4.5. Setting Up a Certificate Authority 4.5.1. Preparing the CA Certificate for Distribution 4.5.2. Issuing Server Certificates 4.5.3. Issuing Client Certificates 4.5.4. Revoking Certificates 4.5.5. Using Client Certificates 4.6. Performance Considerations 4.6.1. OpenSSL Benchmark Script 4.6.2. Hardware Acceleration 5. Denial of Service Attacks 5.1. Network Attacks 5.1.1. Malformed Traffic 5.1.2. Brute-Force Attacks 5.1.3. SYN Flood Attacks 5.1.4. Source Address Spoofing 5.1.5. Distributed Denial of Service Attacks 5.1.6. Reflection DoS Attacks 5.2. Self-Inflicted Attacks 5.2.1. Badly Configured Apache 5.2.2. Poorly Designed Web Applications 5.2.3. Real-Life Client Problems 5.3. Traffic Spikes 5.3.1. Content Compression 5.3.2. Bandwidth Attacks 5.3.3. Cyber-Activism 5.3.4. The Slashdot Effect 5.4. Attacks on Apache 5.4.1. Apache Vulnerabilities 5.4.2. Brute-Force Attacks 5.4.3. Programming Model Attacks 5.5. Local Attacks 5.5.1. PAM Limits 5.5.2. Process Accounting 5.5.3. Kernel Auditing 5.6. Traffic-Shaping Modules 5.7. DoS Defense Strategy 6. Sharing Servers 6.1. Sharing Problems 6.1.1. File Permission Problems 6.1.2. Dynamic-Content Problems 6.1.3. Sharing Resources 6.1.4. Same Domain Name Problems 6.1.5. Information Leaks on Execution Boundaries 6.2. Distributing Configuration Data 6.3. Securing Dynamic Requests 6.3.1. Enabling Script Execution 6.3.2. Setting CGI Script Limits 6.3.3. Using suEXEC 6.3.4. FastCGI 6.3.5. Running PHP as a Module 6.4. Working with Large Numbers of Users 6.4.1. Web Shells 6.4.2. Dangerous Binaries 7. Access Control 7.1. Overview 7.2. Authentication Methods 7.2.1. Basic Authentication 7.2.2. Digest Authentication 7.2.3. Form-Based Authentication 7.3. Access Control in Apache 7.3.1. Basic Authentication Using Plaintext Files 7.3.2. Basic Authentication Using DBM Files 7.3.3. Digest Authentication 7.3.4. Certificate-Based Access Control 7.3.5. Network Access Control 7.3.6. Proxy Access Control 7.3.7. Final Access Control Notes 7.4. Single Sign-on 7.4.1. Web Single Sign-on 7.4.2. Simple Apache-Only Single Sign-on 8. Logging and Monitoring 8.1. Apache Logging Facilities 8.1.1. Request Logging 8.1.2. Error Logging 8.1.3. Special Logging Modules 8.1.4. Audit Log 8.1.5. Performance Measurement 8.1.6. File Upload Interception 8.1.7. Application Logs 8.1.8. Logging as Much as Possible 8.2. Log Manipulation 8.2.1. Piped Logging 8.2.2. Log Rotation 8.2.3. Issues with Log Distribution 8.3. Remote Logging 8.3.1. Manual Centralization 8.3.2. Syslog Logging 8.3.3. Database Logging 8.3.4. Distributed Logging with the Spread Toolkit 8.4. Logging Strategies 8.5. Log Analysis 8.6. Monitoring 8.6.1. File Integrity 8.6.2. Event Monitoring 8.6.3. Web Server Status 9. Infrastructure 9.1. Application Isolation Strategies 9.1.1. Isolating Applications from Servers 9.1.2. Isolating Application Modules 9.1.3. Utilizing Virtual Servers 9.2. Host Security 9.2.1. Restricting and Securing User Access 9.2.2. Deploying Minimal Services 9.2.3. Gathering Information and Monitoring Events 9.2.4. Securing Network Access 9.2.5. Advanced Hardening 9.2.6. Keeping Up to Date 9.3. Network Security 9.3.1. Firewall Usage 9.3.2. Centralized Logging 9.3.3. Network Monitoring 9.3.4. External Monitoring 9.4. Using a Reverse Proxy 9.4.1. Apache Reverse Proxy 9.4.2. Reverse Proxy by Network Design 9.4.3. Reverse Proxy by Redirecting Network Traffic 9.5. Network Design 9.5.1. Reverse Proxy Patterns 9.5.2. Advanced Architectures 10. Web Application Security 10.1. Session Management Attacks 10.1.1. Cookies 10.1.2. Session Management Concepts 10.1.3. Keeping in Touch with Clients 10.1.4. Session Tokens 10.1.5. Session Attacks 10.1.6. Good Practices 10.2. Attacks on Clients 10.2.1. Typical Client Attack Targets 10.2.2. Phishing 10.3. Application Logic Flaws 10.3.1. Cookies and Hidden Fields 10.3.2. POST Method 10.3.3. Referrer Check Flaws 10.3.4. Process State Management 10.3.5. Client-Side Validation 10.4. Information Disclosure 10.4.1. HTML Source Code 10.4.2. Directory Listings 10.4.3. Verbose Error Messages 10.4.4. Debug Messages 10.5. File Disclosure 10.5.1. Path Traversal 10.5.2. Application Download Flaws 10.5.3. Source Code Disclosure 10.5.4. Predictable File Locations 10.6. Injection Flaws 10.6.1. SQL Injection 10.6.2. Cross-Site Scripting 10.6.3. Command Execution 10.6.4. Code Execution 10.6.5. Preventing Injection Attacks 10.7. Buffer Overflows 10.8. Evasion Techniques 10.8.1. Simple Evasion Techniques 10.8.2. Path Obfuscation 10.8.3. URL Encoding 10.8.4. Unicode Encoding 10.8.5. Null-Byte Attacks 10.8.6. SQL Evasion 10.9. Web Application Security Resources 10.9.1. General Resources 10.9.2. Web Application Security Resources 11. Web Security Assessment 11.1. BlackBox Testing 11.1.1. Information Gathering 11.1.2. Web Server Analysis 11.1.3. Web Application Analysis 11.1.4. Attacks Against Access Control 11.1.5. Vulnerability Probing 11.2. White-Box Testing 11.2.1. Architecture Review 11.2.2. Configuration Review 11.2.3. Functional Review 11.3. Gray-Box Testing 12. Web Intrusion Detection 12.1. Evolution of Web Intrusion Detection 12.1.1. Is Intrusion Detection the Right Approach? 12.1.2. Log-Based Web Intrusion Detection 12.1.3. Real-Time Web Intrusion Detection 12.1.4. Web Intrusion Detection Features 12.2. Using mod_security 12.2.1. Introduction 12.2.2. More Configuration Advice 12.2.3. Deployment Guidelines 12.2.4. Detecting Common Attacks 12.2.5. Advanced Topics A. Tools A.1. Learning Environments A.1.1. WebMaven A.1.2. WebGoat A.2. Information-Gathering Tools A.2.1. Online Tools at TechnicalInfo A.2.2. Netcraft A.2.3. Sam Spade A.2.4. SiteDigger A.2.5. SSLDigger A.2.6. Httprint A.3. Network-Level Tools A.3.1. Netcat A.3.2. Stunnel A.3.3. Curl A.3.4. Network-Sniffing Tools A.3.5. SSLDump A.4. Web Security Scanners A.4.1. Nikto A.4.2. Nessus A.5. Web Application Security Tools A.5.1. Paros A.5.2. Commercial Web Security Tools A.6. HTTP Programming Libraries Index SPECIAL OFFER: Upgrade this ebook with O’Reilly Apache Security Ivan Ristic Editor Allison Randal Editor Tatiana Apandi Copyright © 2009 O'Reilly Media, Inc. O'Reilly Media

Description:
Note: This book is now out of print. A Kindle version published by the author is available from Amazon. For other digital formats (PDF, EPUB, etc), please visit feistyduck.com.With more than 67% of web servers running Apache, it is by far the most widely used web server platform in the world. Apache
ebook img

Apache Security PDF

610 Pages·2009·4.04 MB·English
by  Ivan Ristic
Download
Upgrade Premium
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Download Apache Security PDF Free - Full Version

by Ivan Ristic| 2009| 610 pages| 4.04| English

Download Apache Security by Ivan Ristic in PDF format completely FREE. No registration required, no payment needed. Get instant access to this valuable resource on PDFdrive.to!

Free Download PDF

About Apache Security

Note: This book is now out of print. A Kindle version published by the author is available from Amazon. For other digital formats (PDF, EPUB, etc), please visit feistyduck.com.With more than 67% of web servers running Apache, it is by far the most widely used web server platform in the world. Apache

Detailed Information

Author:Ivan Ristic
Publication Year:2009
Pages:610
Language:English
File Size:4.04
Format:PDF
Price:FREE
Download Free PDF

Safe & Secure Download - No registration required

Why Choose PDFdrive for Your Free Apache Security Download?

  • 100% Free: No hidden fees or subscriptions required for one book every day.
  • No Registration: Immediate access is available without creating accounts for one book every day.
  • Safe and Secure: Clean downloads without malware or viruses
  • Multiple Formats: PDF, MOBI, Mpub,... optimized for all devices
  • Educational Resource: Supporting knowledge sharing and learning

Free Books Similar to Apache Security

Frequently Asked Questions

Is it really free to download Apache Security PDF?

Yes, on https://PDFdrive.to you can download Apache Security by Ivan Ristic completely free. We don't require any payment, subscription, or registration to access this PDF file. For 3 books every day.

How can I read Apache Security on my mobile device?

After downloading Apache Security PDF, you can open it with any PDF reader app on your phone or tablet. We recommend using Adobe Acrobat Reader, Apple Books, or Google Play Books for the best reading experience.

Is this the full version of Apache Security?

Yes, this is the complete PDF version of Apache Security by Ivan Ristic. You will be able to read the entire content as in the printed version without missing any pages.

Is it legal to download Apache Security PDF for free?

https://PDFdrive.to provides links to free educational resources available online. We do not store any files on our servers. Please be aware of copyright laws in your country before downloading.

The materials shared are intended for research, educational, and personal use in accordance with fair use principles.

Upgrade Premium
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.
We use cookies

We use cookies to ensure you get the best browsing experience on our website. By clicking "Accept Cookies", you agree that we can store cookies on your device in accordance with our Terms and Privacy.

DMCA & Copyright: Dear all, most of the website is community built, users are uploading hundred of books everyday, which makes really hard for us to identify copyrighted material, please contact us if you want any material removed.
Copyright @ PDFdrive.to, 2022 | We love our users