Network Security CISSP-Discussion

[CISSP-D] REVIEW: "Preventing Web Attacks with Apache", Ryan C. Barnett

Subject: [CISSP-D] REVIEW: "Preventing Web Attacks with Apache", Ryan C. Barnett
Date: Fri, 03 Nov 2006 11:33:37 -0800
BKPRWAWA.RVW   20060913

"Preventing Web Attacks with Apache", Ryan C. Barnett, 2006,
0-321-32128-6, U$49.99/C$66.99
%A   Ryan C. Barnett
%C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario  M3C 2T8
%D   2006
%G   0-321-32128-6
%I   Addison-Wesley Publishing Co.
%O   U$49.99/C$66.99 416-447-5101 fax: 416-443-0948
%O   http://www.amazon.com/exec/obidos/ASIN/0321321286/robsladesinterne
%O   http://www.amazon.co.uk/exec/obidos/ASIN/0321321286/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0321321286/robsladesin03-20
%O   Audience a- Tech 2 Writing 2 (see revfaq.htm for explanation)
%P   582 p.
%T   "Preventing Web Attacks with Apache"

Chapter one notes that there have been many attacks against Web
servers and the applications running on them.  It also lists the
common excuses presented for a lack of security preparation (and
assesses the weakness of those arguments).  Hardening of the (UNIX)
operating system, and network operating system, in order to establish
a trusted computing base for the Web server application, are dealt
with in chapter two.  Initial installation of the Apache software is
covered in chapter three.  Chapter four reviews the configuration
file, and properly secure settings and options.  Security related
modules in the Apache suite are discussed in chapter five.  Chapter
six reviews the Center for Internet Security Apache security benchmark
tool.  The Web Application Security Consortium (WASC) threat
classification system is described, in chapter seven, with specific
reference to Apache countermeasures against these attacks.  (The
material provides nice explanations and examples of a variety of
exploits.)  Buggy Bank, an intentionally flawed e-commerce application
that provides practice in hardening a Web server, is outlined in
chapter eight.  Chapter nine looks at various countermeasures and
controls that can be applied to Web servers and sites, noting
strengths and weaknesses, and also noting which work most effectively,
as well as which can be implemented via Apache functions.  If you'd
like to do primary research and gather information on attacks and the
level of threat to Web servers, chapter ten details the settings and
requirements for using Apache to set up a honeypot server.  Chapter
eleven finishes off with basic advice on issues such as patch
management, and also broadens the discussion to some fundamental
concerns in Internet security measures.

A helpful guide for those using Apache.

copyright Robert M. Slade, 2006   BKPRWAWA.RVW   20060913


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
Gourmet coffee shops -- just what we need ... a place where
people who talk too much anyway can go for caffeine.
Dictionary of Information Security  www.syngress.com/catalog/?pid=4150
http://victoria.tc.ca/techrev/rms.htm


 