Useful Books and Software
|
Related Apache Books |
|
|
 |
| |
|
|
| |
 |
| |
 |
|
5.0 of 5.0 |
|
|
Apache Security |
With more than 67% of web servers running Apache, it is by far the most widely used web server platform in the world. Apache has evolved into a powerful system that easily rivals other HTTP servers in terms of functionality, efficiency, and speed. Despite these impressive capabilities, though, Apache is only a beneficial tool if it's a secure one. To be sure, administrators installing and configuring Apache still need a sure-fire way to secure it--whether it's running a huge e-commerce operation, corporate intranet, or just a small hobby site. Our new guide, Apache Security, gives administrators and webmasters just what they crave--a comprehensive security source for Apache. Successfully combining Apache administration and web security topics, Apache Security speaks to nearly everyone in the field. What's more, it offers a concise introduction to the theory of securing Apache, as well as a broad perspective on server security in general. But this book isn't just about theory. The real strength of Apache Security lies in its wealth of interesting and practical advice, with many real-life examples and solutions. Administrators and programmers will learn how to: - install and configure Apache
- prevent denial of service (DoS) and other attacks
- securely share servers
- control logging and monitoring
- secure custom-written web applications
- conduct a web security assessment
- use mod_security and other security-related modules
And that's just the tip of the iceberg, as mainstream Apache users will also gain valuable information on PHP and SSL/ TLS. Clearly, Apache Security is packed and to the point, with plenty of details for locking down this extremely popular and versatile web server.
|
|
|
Publisher:
O'Reilly Media, Inc.
Author:
Ivan Ristic
Release Date: 2005-03-15
ISBN/EAN: 0596007248 / 9780596007249
New Price: $16.90 /
Used Price: $16.90 /
Collectible Price: n.a.
Buy
it Now!
Average Rating: 5.0
Number of
Reviews: 12 |
| |
|
|
| Much more than just Apache Security | Rating: | I found this book while browsing the programming section of Borders (the programming section of my local Borders is amazing!), and I've found it to be a real gem.
The book covers so much more than just Apache security. It covers installation and configuration, and explains a little of how Apache works along the way. There are also chapters or sections on:
- Understanding and securing PHP
- An explanation of SSL
- DOS attacks
- Traffic shaping in Apache
- Logging is covered extensively
- There's a chapter on web security in general, where all the common attacks are explained
- Using Apache as a proxy or a reverse proxy
I especially enjoyed the Web Security Assessment chapter where the author explained how to systematically analyze and probe web applications/servers, with many real world examples.
There is a large section discussing mod_security, which is an amazing Apache module. Mod_security is an intrusion detection and prevention engine for web applications (a web application firewall). The book is written by the author of mod_security (Ivan Ristic), so he really knows what he's talking about in this area. Also covered is mod_dosevasive, which, obviously helps prevent against denial of service attacks.
I would not hesitate to recommend this book to any Apache administrator, user, or web programmer. Its one of my favorite books on my bookshelf. | | Total Votes: 0, Helpful Votes: 0, Date: 2007-10-11 | | | | super | Rating: | | Thanks a lot, we are very happy to have this book in our library! | | Total Votes: 1, Helpful Votes: 0, Date: 2007-03-08 | | | | The single best Apache security book in print | Rating: | I recently received copies of Apache Security (AS) by Ivan Ristic and Preventing Web Attacks with Apache (PWAWA) by Ryan Barnett. I read AS first, then PWAWA. Both are excellent books, but I expect potential readers want to know which is best for them. The following is a radical simplification, and I could honestly recommend readers buy either (or both) books. If you are more concerned with a methodical, comprehensive approach to securing Apache, choose AS. If you want more information on offensive aspects of Web security, choose PWAWA.
Before I go further, I must mention that Ivan Ristic cites me and my books twice, on pages 2 and 229. While humbling, I tried not to let this fact influence my review.
AS is an extremely well-thought-out book. My favorite aspect of AS is the decision to start with a blank httpd.conf file, rather than accepting the file packaged with Apache and making edits as needed. By building up httpd.conf from scratch, the author shows exactly what components are needed in a very clear manner. This was not the approach used by PWAWA. I would like to see other technical books adopt this teaching method.
AS includes better coverage of several topics which I believe are core to securing Apache. I liked AS' discussion of chroot environments and jails, although the author should distinguish between chroot on Linux or BSD and jail on BSD alone. AS features a whole chapter on proper PHP deployment (Ch 3), and a whole chapter on SSL/TLS (Ch 4). AS devotes another chapter to explaining how to host multiple Web sites on one host (Ch 6), which is critical to many Apache environments. AS' chapter on Web infrastructure (CH 9) also covers topics not found in PWAWA.
AS is also less explicitly Linux-centric than PWAWA. As a primary FreeBSD user, I found AS' approach more applicable to my environment. PWAWA seemed to assume everyone was running Red Hat Linux. It's fine to use a single OS for all examples, but I had to personally identify tools and techniques that would probably only work on Red Hat.
I had very little trouble with any of the text in AS. My main concerns involve Ch 1, where the author spends time on certain security concepts. I would consider the following with regards to threat modeling on p. 5: (asset) what might be compromised; (motivation) why compromise; (vulnerabilities) where compromised; (attack) how compromised; (threat) who compromised you; (risk) threat X vulnerability X asset value. On pp 9-10 the author should also have used the risk equation just mentioned.
Overall, I really liked AS. The book really is about Apache security, so if you are more interested in attacking Apache you might prefer PWAWA. If you want to learn about Web application hacking in general, your best bets are probably Hacking Exposed: Web Applications, 2nd Ed, and Professional Pen Testing for Web Applications. I will read and review those two books shortly. | | Total Votes: 11, Helpful Votes: 11, Date: 2006-09-27 | | | | Excellent book... | Rating: | This book is worth every single dollar. The examples are very clear and also provide invaluable information about security.
A must have for everybody using Apacge. | | Total Votes: 2, Helpful Votes: 1, Date: 2006-08-01 | | | | Review of "Apache Security" by Ivan Ristic | Rating: | | Excellent book. The chapters on PHP and logging are especially useful. | | Total Votes: 4, Helpful Votes: 2, Date: 2006-03-02 | | | | Much more than just Apache Security | Rating: | I found this book while browsing the programming section of Borders (the programming section of my local Borders is amazing!), and I've found it to be a real gem.
The book covers so much more than just Apache security. It covers installation and configuration, and explains a little of how Apache works along the way. There are also chapters or sections on:
- Understanding and securing PHP
- An explanation of SSL
- DOS attacks
- Traffic shaping in Apache
- Logging is covered extensively
- There's a chapter on web security in general, where all the common attacks are explained
- Using Apache as a proxy or a reverse proxy
I especially enjoyed the Web Security Assessment chapter where the author explained how to systematically analyze and probe web applications/servers, with many real world examples.
There is a large section discussing mod_security, which is an amazing Apache module. Mod_security is an intrusion detection and prevention engine for web applications (a web application firewall). The book is written by the author of mod_security (Ivan Ristic), so he really knows what he's talking about in this area. Also covered is mod_dosevasive, which, obviously helps prevent against denial of service attacks.
I would not hesitate to recommend this book to any Apache administrator, user, or web programmer. Its one of my favorite books on my bookshelf. | | Total Votes: 0, Helpful Votes: 0, Date: 2007-10-11 | | | | super | Rating: | | Thanks a lot, we are very happy to have this book in our library! | | Total Votes: 1, Helpful Votes: 0, Date: 2007-03-08 | | | | The single best Apache security book in print | Rating: | I recently received copies of Apache Security (AS) by Ivan Ristic and Preventing Web Attacks with Apache (PWAWA) by Ryan Barnett. I read AS first, then PWAWA. Both are excellent books, but I expect potential readers want to know which is best for them. The following is a radical simplification, and I could honestly recommend readers buy either (or both) books. If you are more concerned with a methodical, comprehensive approach to securing Apache, choose AS. If you want more information on offensive aspects of Web security, choose PWAWA.
Before I go further, I must mention that Ivan Ristic cites me and my books twice, on pages 2 and 229. While humbling, I tried not to let this fact influence my review.
AS is an extremely well-thought-out book. My favorite aspect of AS is the decision to start with a blank httpd.conf file, rather than accepting the file packaged with Apache and making edits as needed. By building up httpd.conf from scratch, the author shows exactly what components are needed in a very clear manner. This was not the approach used by PWAWA. I would like to see other technical books adopt this teaching method.
AS includes better coverage of several topics which I believe are core to securing Apache. I liked AS' discussion of chroot environments and jails, although the author should distinguish between chroot on Linux or BSD and jail on BSD alone. AS features a whole chapter on proper PHP deployment (Ch 3), and a whole chapter on SSL/TLS (Ch 4). AS devotes another chapter to explaining how to host multiple Web sites on one host (Ch 6), which is critical to many Apache environments. AS' chapter on Web infrastructure (CH 9) also covers topics not found in PWAWA.
AS is also less explicitly Linux-centric than PWAWA. As a primary FreeBSD user, I found AS' approach more applicable to my environment. PWAWA seemed to assume everyone was running Red Hat Linux. It's fine to use a single OS for all examples, but I had to personally identify tools and techniques that would probably only work on Red Hat.
I had very little trouble with any of the text in AS. My main concerns involve Ch 1, where the author spends time on certain security concepts. I would consider the following with regards to threat modeling on p. 5: (asset) what might be compromised; (motivation) why compromise; (vulnerabilities) where compromised; (attack) how compromised; (threat) who compromised you; (risk) threat X vulnerability X asset value. On pp 9-10 the author should also have used the risk equation just mentioned.
Overall, I really liked AS. The book really is about Apache security, so if you are more interested in attacking Apache you might prefer PWAWA. If you want to learn about Web application hacking in general, your best bets are probably Hacking Exposed: Web Applications, 2nd Ed, and Professional Pen Testing for Web Applications. I will read and review those two books shortly. | | Total Votes: 11, Helpful Votes: 11, Date: 2006-09-27 | | | | Excellent book... | Rating: | This book is worth every single dollar. The examples are very clear and also provide invaluable information about security.
A must have for everybody using Apacge. | | Total Votes: 2, Helpful Votes: 1, Date: 2006-08-01 | | | | Review of "Apache Security" by Ivan Ristic | Rating: | | Excellent book. The chapters on PHP and logging are especially useful. | | Total Votes: 4, Helpful Votes: 2, Date: 2006-03-02 | | | | Much more than just Apache Security | Rating: | I found this book while browsing the programming section of Borders (the programming section of my local Borders is amazing!), and I've found it to be a real gem.
The book covers so much more than just Apache security. It covers installation and configuration, and explains a little of how Apache works along the way. There are also chapters or sections on:
- Understanding and securing PHP
- An explanation of SSL
- DOS attacks
- Traffic shaping in Apache
- Logging is covered extensively
- There's a chapter on web security in general, where all the common attacks are explained
- Using Apache as a proxy or a reverse proxy
I especially enjoyed the Web Security Assessment chapter where the author explained how to systematically analyze and probe web applications/servers, with many real world examples.
There is a large section discussing mod_security, which is an amazing Apache module. Mod_security is an intrusion detection and prevention engine for web applications (a web application firewall). The book is written by the author of mod_security (Ivan Ristic), so he really knows what he's talking about in this area. Also covered is mod_dosevasive, which, obviously helps prevent against denial of service attacks.
I would not hesitate to recommend this book to any Apache administrator, user, or web programmer. Its one of my favorite books on my bookshelf. | | Total Votes: 0, Helpful Votes: 0, Date: 2007-10-11 | | | | super | Rating: | | Thanks a lot, we are very happy to have this book in our library! | | Total Votes: 1, Helpful Votes: 0, Date: 2007-03-08 | | | | The single best Apache security book in print | Rating: | I recently received copies of Apache Security (AS) by Ivan Ristic and Preventing Web Attacks with Apache (PWAWA) by Ryan Barnett. I read AS first, then PWAWA. Both are excellent books, but I expect potential readers want to know which is best for them. The following is a radical simplification, and I could honestly recommend readers buy either (or both) books. If you are more concerned with a methodical, comprehensive approach to securing Apache, choose AS. If you want more information on offensive aspects of Web security, choose PWAWA.
Before I go further, I must mention that Ivan Ristic cites me and my books twice, on pages 2 and 229. While humbling, I tried not to let this fact influence my review.
AS is an extremely well-thought-out book. My favorite aspect of AS is the decision to start with a blank httpd.conf file, rather than accepting the file packaged with Apache and making edits as needed. By building up httpd.conf from scratch, the author shows exactly what components are needed in a very clear manner. This was not the approach used by PWAWA. I would like to see other technical books adopt this teaching method.
AS includes better coverage of several topics which I believe are core to securing Apache. I liked AS' discussion of chroot environments and jails, although the author should distinguish between chroot on Linux or BSD and jail on BSD alone. AS features a whole chapter on proper PHP deployment (Ch 3), and a whole chapter on SSL/TLS (Ch 4). AS devotes another chapter to explaining how to host multiple Web sites on one host (Ch 6), which is critical to many Apache environments. AS' chapter on Web infrastructure (CH 9) also covers topics not found in PWAWA.
AS is also less explicitly Linux-centric than PWAWA. As a primary FreeBSD user, I found AS' approach more applicable to my environment. PWAWA seemed to assume everyone was running Red Hat Linux. It's fine to use a single OS for all examples, but I had to personally identify tools and techniques that would probably only work on Red Hat.
I had very little trouble with any of the text in AS. My main concerns involve Ch 1, where the author spends time on certain security concepts. I would consider the following with regards to threat modeling on p. 5: (asset) what might be compromised; (motivation) why compromise; (vulnerabilities) where compromised; (attack) how compromised; (threat) who compromised you; (risk) threat X vulnerability X asset value. On pp 9-10 the author should also have used the risk equation just mentioned.
Overall, I really liked AS. The book really is about Apache security, so if you are more interested in attacking Apache you might prefer PWAWA. If you want to learn about Web application hacking in general, your best bets are probably Hacking Exposed: Web Applications, 2nd Ed, and Professional Pen Testing for Web Applications. I will read and review those two books shortly. | | Total Votes: 11, Helpful Votes: 11, Date: 2006-09-27 | | | | Excellent book... | Rating: | This book is worth every single dollar. The examples are very clear and also provide invaluable information about security.
A must have for everybody using Apacge. | | Total Votes: 2, Helpful Votes: 1, Date: 2006-08-01 | | | | Review of "Apache Security" by Ivan Ristic | Rating: | | Excellent book. The chapters on PHP and logging are especially useful. | | Total Votes: 4, Helpful Votes: 2, Date: 2006-03-02 | | |
|
|
|
|
| |
|
|
|
|
|
