Mod Security 2.5 - Ebook
Prevent web application hacking with this easy to use guide
Secure your system by knowing exactly how a hacker would break into it
Covers writing rules in depth and ModSecurity rule language elements such as variables, actions, and request phases
Covers the common attacks in use on the Web, and ways to find the
geographical location of an attacker and send alert emails when attacks
are discovered
Packed with many real-life examples for better understanding
In Detail
With more than 67% of web servers running Apache and web-based attacks
becoming more and more prevalent, web security has become a critical
area for web site managers. Most existing tools work on the TCP/IP
level, failing to use the specifics of the HTTP protocol in their
operation. Mod_security is a module running on Apache, which will help
you overcome the security threats prevalent in the online world.
A complete guide to using ModSecurity, this book will show you how to
secure your web application and server, and does so by using real-world
examples of attacks currently in use. It will help you learn about SQL
injection, cross-site scripting attacks, cross-site request forgeries,
null byte attacks, and many more so that you know how attackers
operate.
Using clear, step-by-step instructions, this book starts by teaching
you how to install and set up ModSecurity, before diving into the rule
language with examples. It assumes no prior knowledge of ModSecurity, so
as long as you are familiar with basic Linux administration, you can
start to learn right away.
Real-life case studies are used to illustrate the dangers on the Web
today - you will, for example, learn how the recent worm that hit Twitter
works, and how you could have used ModSecurity to stop it in its
tracks. The mechanisms behind these and other attacks are described in
detail, and you will learn everything you need to know to make sure your
server and web application remain unscathed on the increasingly
dangerous web. Have you ever wondered how attackers figure out the exact
web server version running on a system? They use a technique called
HTTP fingerprinting, and you will learn about this in depth and how to
defend against it by flying your web server under a "false flag".
The last part of the book shows you how to really lock down a web
application by implementing a positive security model that only allows
through requests that conform to a specific, pre-approved model, and
denying anything that is even the slightest bit out of line.