- Paperback: 432 pages
- Publisher: O'Reilly Media; 1 edition (4 Mar 2005)
- Language English
- ISBN-10: 0596007248
- ISBN-13: 978-0596007249
- Product Dimensions: 23.4 x 18 x 2.3 cm
- Average Customer Review: 5.0 out of 5 stars See all reviews (1 customer review)
-
Amazon Bestsellers Rank:
607,471 in Books (See Top 100 in Books)
- #1 in Books > Computers & Internet > Computer Science > Networking & Security > Security > Programming > Apache
- #27 in Books > Computers & Internet > Computer Science > Networking & Security > Security > Viruses
- #49 in Books > Computers & Internet > Software & Graphics > Applications > Apache
- See Complete Table of Contents
Did you know you can trade in your old books for an Amazon.co.uk Gift Card to spend on the things you want? Visit the Amazon.co.uk Trade-In Store for more details. |
Product details |
More About the Author
Product Description
Product Description
With more than 67% of web servers running Apache, it is by far the most widely used web server platform in the world. Apache has evolved into a powerful system that easily rivals other HTTP servers in terms of functionality, efficiency, and speed. Despite these impressive capabilities, though, Apache is only a beneficial tool if it's a secure one.
To be sure, administrators installing and configuring Apache still need a sure-fire way to secure it--whether it's running a huge e-commerce operation, corporate intranet, or just a small hobby site.
Our new guide, Apache Security, gives administrators and webmasters just what they crave--a comprehensive security source for Apache. Successfully combining Apache administration and web security topics, Apache Security speaks to nearly everyone in the field. What's more, it offers a concise introduction to the theory of securing Apache, as well as a broad perspective on server security in general.
But this book isn't just about theory. The real strength of Apache Security lies in its wealth of interesting and practical advice, with many real-life examples and solutions. Administrators and programmers will learn how to:
- install and configure Apache
- prevent denial of service (DoS) and other attacks
- securely share servers
- control logging and monitoring
- secure custom-written web applications
- conduct a web security assessment
- use mod_security and other security-related modules
From the Publisher
This all-purpose guide for locking down Apache arms readers with all the information they need to securely deploy applications. Administrators and programmers alike will benefit from a concise introduction to the theory of securing Apache, plus a wealth of practical advice and real-life examples. Topics covered include installation, server sharing, logging and monitoring, web applications, PHP and SSL/TLS, and more.
Inside This Book
(Learn More)
Suggested Tags from Similar Products(What's this?)Be the first one to add a relevant tag (keyword that's strongly related to this product)
|
Sell a Digital Version of This Book in the Kindle Store
If you are a publisher or author and hold the digital rights to a book, you can sell a digital version of it in our Kindle Store.
Learn more
What Other Items Do Customers Buy After Viewing This Item?
Customer Reviews
|
Share your thoughts with other customers:
|
||||||||||||||||||||||
|
Most Helpful Customer Reviews
8 of 8 people found the following review helpful:
5.0 out of 5 stars
The place to start if you're deplying Apache web servers,
This review is from: Apache Security (Paperback)
This book has good explanations, meaningful illustrations, and give you a recipe on how to install and deploy your Apache web server in a secure manner. You don't have to have in-depth knowledge beforehand, the author is very good at explaining as he moves on in the chapters. As a bonus you get a brief review of handy test tools (although many of these will be well-known if you've been interested in security for a while). My #1 Apache book.
Share your thoughts with other customers: Create your own review
Most Helpful Customer Reviews on Amazon.com (beta) Amazon.com:
4.8 out of 5 stars (16 customer reviews) 20 of 20 people found the following review helpful:
5.0 out of 5 stars
The single best Apache security book in print,
By Richard Bejtlich "TaoSecurity" - Published on Amazon.com
This review is from: Apache Security (Paperback)
I recently received copies of Apache Security (AS) by Ivan Ristic and Preventing Web Attacks with Apache (PWAWA) by Ryan Barnett. I read AS first, then PWAWA. Both are excellent books, but I expect potential readers want to know which is best for them. The following is a radical simplification, and I could honestly recommend readers buy either (or both) books. If you are more concerned with a methodical, comprehensive approach to securing Apache, choose AS. If you want more information on offensive aspects of Web security, choose PWAWA.
Before I go further, I must mention that Ivan Ristic cites me and my books twice, on pages 2 and 229. While humbling, I tried not to let this fact influence my review. AS is an extremely well-thought-out book. My favorite aspect of AS is the decision to start with a blank httpd.conf file, rather than accepting the file packaged with Apache and making edits as needed. By building up httpd.conf from scratch, the author shows exactly what components are needed in a very clear manner. This was not the approach used by PWAWA. I would like to see other technical books adopt this teaching method. AS includes better coverage of several topics which I believe are core to securing Apache. I liked AS' discussion of chroot environments and jails, although the author should distinguish between chroot on Linux or BSD and jail on BSD alone. AS features a whole chapter on proper PHP deployment (Ch 3), and a whole chapter on SSL/TLS (Ch 4). AS devotes another chapter to explaining how to host multiple Web sites on one host (Ch 6), which is critical to many Apache environments. AS' chapter on Web infrastructure (CH 9) also covers topics not found in PWAWA. AS is also less explicitly Linux-centric than PWAWA. As a primary FreeBSD user, I found AS' approach more applicable to my environment. PWAWA seemed to assume everyone was running Red Hat Linux. It's fine to use a single OS for all examples, but I had to personally identify tools and techniques that would probably only work on Red Hat. I had very little trouble with any of the text in AS. My main concerns involve Ch 1, where the author spends time on certain security concepts. I would consider the following with regards to threat modeling on p. 5: (asset) what might be compromised; (motivation) why compromise; (vulnerabilities) where compromised; (attack) how compromised; (threat) who compromised you; (risk) threat X vulnerability X asset value. On pp 9-10 the author should also have used the risk equation just mentioned. Overall, I really liked AS. The book really is about Apache security, so if you are more interested in attacking Apache you might prefer PWAWA. If you want to learn about Web application hacking in general, your best bets are probably Hacking Exposed: Web Applications, 2nd Ed, and Professional Pen Testing for Web Applications. I will read and review those two books shortly. 7 of 7 people found the following review helpful:
5.0 out of 5 stars
Comprehensive, task-oriented web security cookbook,
By Kiwi - Published on Amazon.com
This review is from: Apache Security (Paperback)
This comprehensive, systematic, task-oriented book covers all the alternative approaches to securing servers -- from secure to paranoid -- complete with examples to demonstrate vulnerabilities such as session management, (Javascript) cross-site scripting, and SQL injection. Subjects such as hardening PHP, shared-server vulnerabilities, and logging/monitoring, each get a whole chapter. This up-to-date, well-written (concise yet encyclopedic) book will be indispensible to system designers, administrators and programmers.
5 of 5 people found the following review helpful:
5.0 out of 5 stars
Used every morning with coffee,
By webhostgear.com "webhostgear.com" - Published on Amazon.com
This review is from: Apache Security (Paperback)
I recently heard about a new book out that is just about Apache Security written by Ivan Ristic. I haven't ever really found many books on this topic and wondered why since its such a widely popular web server. Ivan Ristic is well known for being the single man behind an invaluable tool for web servers called mod_security.
So many security related books are very expensive and thousands of pages long, which is great if you have lots of time but no system admin does. Apache Security is both thorough and quick to get through while walking you through the most imporant issues you'll encounter or never thought about until now. First off go buy the book, don't bother to read this review at http://www.webhostgear.com/313.html It's really that good. I use it on a daily basis and keep a copy at the office and at home. I advise anyone that owns a server or works with Apache to get this book, you won't be disappointed. It's not for somoene that's completely a newbie to web servers, I recommend it more for someone with a bit of experience or advanced user of Linux. Since this isn't a book on dummy installations but about security so you need a basic understanding of file permissions and so on. |
|
Listmania!
|
|
Look for similar items by category
- Books > Computing & Internet > Computer Science > Information Systems
- Books > Computing & Internet > Databases > Database Theory
- Books > Computing & Internet > Digital Lifestyle > Online Shopping > Amazon
- Books > Computing & Internet > Networking & Security > Security > Network Security
- Books > Computing & Internet > Networking & Security > Security > Programming > Apache
- Books > Computing & Internet > Networking & Security > Security > Viruses
- Books > Computing & Internet > Web Development > Web-server Software > Apache
Look for similar items by subject
Feedback
- Would you like to update product info or give feedback on images?
- I am the Author, and I want to comment on my book.
- I am the Publisher, and I want to comment on this book.
