ModSecurity Handbook

Feisty Duck, 2010 - Computers - 340 pages
PRODUCT DESCRIPTION

ModSecurity Handbook is the definitive guide to ModSecurity, a popular open source web application firewall. Written by Ivan Ristic, who designed and wrote much of ModSecurity, this book will teach you everything you need to know to monitor the activity on your web sites and protect them from attack. Situated between your web sites and the world, web application firewalls provide an additional security layer, monitoring everything that comes in and everything that goes out. They enable you to perform many advanced activities, such as real-time application security monitoring, access control, virtual patching, HTTP traffic logging, continuous passive security assessment, and web application hardening. They can be very effective in preventing application security attacks, such as cross-site scripting, SQL injection, remote file inclusion, and others. Considering that most web sites today suffer from one problem or another, ModSecurity Handbook will help anyone who has a web site to run.

The topics covered include:

- Installation and configuration of ModSecurity
- Logging of complete HTTP traffic
- Rule writing, in detail
- IP address, session, and user tracking
- Session management hardening
- Whitelisting, blacklisting, and IP reputation management
- Advanced blocking strategies
- Integration with other Apache modules
- Working with rule sets
- Virtual patching
- Performance considerations
- Content injection
- XML inspection
- Writing rules in Lua
- Extending ModSecurity in C

The book is suitable for all reader levels: it contains step-by-step installation and configuration instructions for those just starting out, as well as detailed explanations of the internals and discussion of advanced techniques for seasoned users. The official ModSecurity Reference Manual is included in the second part of the book. A digital version is available. For more information and to access the online companion, go to www.modsecurityhandbook.com

ABOUT THE AUTHOR

Ivan Ristic is a respected security expert and author, known especially for his contribution to the web application firewall field and the development of ModSecurity, the open source web application firewall. He is also the author of Apache Security, a comprehensive security guide for the Apache web server. A frequent speaker at computer security conferences, Ivan is an active participant in the application security community, a member of the Open Web Application Security Project, and an officer of the Web Application Security Consortium.
  

About the author (2010)

Ivan Ristic is a security researcher, engineer, and author, known especially for his contributions to the web application firewall field and development of ModSecurity, an open source web application firewall, and for his SSL/TLS and PKI research, tools, and guides published on the SSL Labs web site. Ivan is an active participant in the security community, and you'll often find him speaking at security conferences, such as Black Hat, RSA, OWASP AppSec, and others. He's currently Director of Application Security Research at Qualys.
