ModSecurity 2.5

石头

作者：Magnus Mischel
出版日期：November 23, 2009
出版社：其它
页数：280
ISBN：ISBN-10: 1847194745 ISBN-13: 978-1847194749
文件格式：PDF

Prevent web application hacking with this easy to use guide

• Secure your system by knowing exactly how a hacker would break into it
• Covers writing rules in-depth and Modsecurity rule language elements such as variables, actions, and request phases
• Covers the common attacks in use on the Web, and ways to find thegeographical location of an attacker and send alert emails when attacksare discovered
• Packed with many real-life examples for better understanding

In Detail
With more than 67% of web servers running Apache and web-basedattacks becoming more and more prevalent, web security has become acritical area for web site managers. Most existing tools work on theTCP/IP level, failing to use the specifics of the HTTP protocol intheir operation. Mod_security is a module running on Apache, which willhelp you overcome the security threats prevalent in the online world.
A complete guide to using ModSecurity, this book will show you howto secure your web application and server, and does so by usingreal-world examples of attacks currently in use. It will help you learnabout SQL injection, cross-site scripting attacks, cross-site requestforgeries, null byte attacks, and many more so that you know howattackers operate.
Using clear, step-by-step instructions this book starts by teaching youhow to install and set up ModSecurity, before diving into the rulelanguage with examples. It assumes no prior knowledge of ModSecurity,so as long as you are familiar with basic Linux administration, you canstart to learn right away.
Real-life case studies are used to illustrate the dangers on the Webtoday – you will for example learn how the recent worm that hit Twitterworks, and how you could have used ModSecurity to stop it in itstracks. The mechanisms behind these and other attacks are described indetail, and you will learn everything you need to know to make sureyour server and web application remain unscathed on the increasinglydangerous web. Have you ever wondered how attackers figure out theexact web server version running on a system? They use a techniquecalled HTTP fingerprinting, and you will learn about this in depth andhow to defend against it by flying your web server under a “false flag”.
The last part of the book shows you how to really lock down a webapplication by implementing a positive security model that only allowsthrough requests that conform to a specific, pre-approved model, anddenying anything that is even the slightest bit out of line.
What you will learn from this book?

• Compile ModSecurity from source and install it on a Linux system
• Log any anomalous event and use the ModSecurity console to view logdata online so that attempted break-ins can be quickly discovered anddealt with
• Learn how a recent worm disabled Twitter and how it could have been stopped using ModSecurity
• Guard against web site defacement by having ModSecurity scan forunauthorized changes to your web pages then alert you about issues viaemail.
• Locate the geographical position of an attacker using ModSecurity applications
• Know how attackers operate by learning about SQL injection,cross-site scripting attacks, cross-site request forgeries, null byteattacks, and many more
• Put Apache in a chroot jail using ModSecurity – no more frustrating hours of tinkering to get everything working as it should
• Prevent HTTP fingerprinting by flying your Apache server under a false flag
• Protect against newly discovered vulnerabilities that don’t have avendor-supplied patch, using ModSecurity “just-in-time” patching
• Prevent the source code of your web application being shown to the world if something goes wrong with your server configuration
• Discover the real IP address of an attacker using ModSecurity, even if the attacker is behind a proxy server

Approach
This book teaches ModSecurity from the beginning to anyone withbasic Linux skills. It starts by focusing on introducing ModSecurity,and explaining the concept of ModSecurity rules and how to write them.Later, it looks at the performance of ModSecurity and what sort ofimpact ModSecurity has on the speed of your web application.
Who this book is written for?
This book is written for system administrators or anyone running anApache web server who wants to learn how to secure that server. Itassumes that you are familiar with using the Linux shell andcommand-line tools, but does its best to explain everything so thatthose who are not Linux experts can make full use of ModSecurity.