Author(s): Ryan C. Barnett
Publisher: Addison Wesley
Year: Jan 2006
ISBN: 0321321286
Language: English
File type: CHM
Pages: 624
Size (for download): 6 MB


Apache can be hacked. As companies have improved perimeter security, hackers have increasingly focused on attacking Apache Web servers and Web applications. Firewalls and SSL won't protect you: you must systematically harden your Web application environment. Preventing Web Attacks with Apache brings together all the information you'll need to do that: step-by-step guidance, hands-on examples, and tested configuration files.

Building on his groundbreaking SANS presentations on Apache security, Ryan C. Barnett reveals why your Web servers represent such a compelling target, how significant exploits are performed, and how they can be defended against. Exploits discussed include: buffer overflows, denial of service, attacks on vulnerable scripts and programs, credential sniffing and spoofing, client parameter manipulation, brute force attacks, web defacements, and more.

Barnett introduces the Center for Internet Security Apache Benchmarks, a set of best-practice Apache security configuration actions and settings he helped to create. He addresses issues related to IT processes and your underlying OS; Apache downloading, installation, and configuration; application hardening; monitoring, and more. He also presents a chapter-length case study using actual Web attack logs and data captured "in the wild."

For every sysadmin, Web professional, and security specialist responsible for Apache or Web application security.

With this book, you will learn to:
- Address the OS-related flaws most likely to compromise Web server security
- Perform security-related tasks needed to safely download, configure, and install Apache
- Lock down your Apache httpd.conf file and install essential Apache security modules
- Test security with the CIS Apache Benchmark Scoring Tool
- Use the WASC Web Security Threat Classification to identify and mitigate application threats
- Test Apache mitigation settings against the Buggy Bank Web application
- Analyze an Open Web Proxy Honeypot to gather crucial intelligence about attackers
- Master advanced techniques for detecting and preventing intrusions


TABLE OF CONTENT:
Chapter 01 - Web Insecurity Contributing Factors
Chapter 02 - CIS Apache Benchmark
Chapter 03 - Downloading and Installing Apache
Chapter 04 - Configuring the httpd.conf File
Chapter 05 - Essential Security Modules for Apache
Chapter 06 - Using the Center for Internet Security Apache Benchmark Scoring Tool
Chapter 07 - Mitigating the WASC Web Security Threat Classification with Apache
Chapter 08 - Protecting a Flawed Web Application: Buggy Bank
Chapter 09 - Prevention and Countermeasures
Chapter 10 - Open Web Proxy Honeypot
Chapter 11 - Putting It All Together
Appendix A - Web Application Security Consortium Glossary
Appendix B - Apache Module Listing
Appendix C - Example httpd.conf File

C# was developed from the ground up to serve as the main language for Microsoft's new .NET framework--and to compete with Java. C# Web Development for ASP.NET (Visual QuickStart Guide) is aimed at beginning developers who may have experience with scripting languages but are not necessarily experienced with object-oriented languages. Using task-based examples and hundreds of screenshots, all code examples are presented in the context of ASP.NET development, aimed at Web developers. While C# Web Development for ASP.NET (Visual QuickStart Guide) does not attempt to teach everything about the .NET Framework, it clearly explains all you need to know to get up and running with the C# language. C# is the premier language of Microsoft's .NET framework. This text provides a task-based, visual, step-by-step guide to learning C#. Works like a reference book -- you look up what you need then get straight to work. Jose Mojica is an instructor and researcher.

Using Web Parts, ASP.NET developers can create portals with the same advanced features found in sites such as Live.com and Google ig.

ASP.NET 2.0 Web Parts in Action demystifies portal design, development, maintenance, and deployment. In over 400 code-packed pages, ASP.NET expert Darren Neimke shares his deep understanding of the controls and services that make up the portal framework.

This book will help you to code like a guru but think like a user. For example, you’ll discover how to use Web Parts to reduce four-step actions to a single click with a strategically-placed edit button. Learn to balance features and usability to make your portals both look good and work well.

ASP.NET 2.0 Web Parts in Action gives you the tools you need to move your ideas off the whiteboard and bring them to life. Find out how to provide the personalization options your users want while preserving the look and feel of your portals with solid designs and custom chrome. Create usable information dashboards and tackle tough interoperability questions with confidence.

All the information in this book is performance-tested. Author Darren Neimke walks you through Web Parts concepts including static and dynamic connections, WebPartManager, SQLPersonalizationProvider, and the hot new ASP.NET Atlas framework.

Whether you’re creating custom solutions or adding Web Parts to SharePoint 2007, exploring Atlas or dabbling in gadgets, ASP.NET 2.0 Web Parts in Action will get you started and guide you as you build successful portals using ASP.NET Web Parts.

For large-scale web application development, Visual Studio 2005 is the most capable product around. This book shows team members and leaders how to use its power in several key dimensions. You’ll master dozens of built-in features for creating a large, high-performance website based on ASP.NET 2.0. You’ll work seamlessly with dynamic data, both reading from and writing to databases. And throughout, you’ll learn how Visual Studio 2005 supports a more efficient group process in terms of design, development, and deployment. And everything is brought together with the enterprise-scale example, “ABC Incorporated,” that runs throughout the book. This is a book no web developer, and no web-dependent organization, should be without.

Coverage Includes

• Reaping the benefits of master pages and themes
• Generating site maps and other navigational aids automatically
• Building a shopping cart application for your website
• Adding search functionality to your website
• Creating a flexible user environment using Webpart technology
• Increasing application performance using client-side and server-side scripting technologies
• Giving users the ability to change the website’s theme to meet specific needs
• Using components and controls to add special effects and user customization
• Improving team efficiency using modern development and design techniques
• Monitoring and responding to usage statistics
• Combining technologies to get the best possible results from large applications
• Making your site accessible to everyone

Master Standards-Based Web Development Techniques New to Visual Studio 2005

Discover How Visual Studio 2005 Solves Team Development Issues, Such as Source Code Control and Application Design

Simplify Database Application Development without Compromising Security or Reliability

Microsoft’s Internet Information Server 6 is an Internet server program that works with the Windows Server 2003 operating system. IIS is Microsoft’s answer in the Internet server market to Apache, the open source and #1 Internet server in use. In the US 9.7 million servers run IIS (28 percent of the market) powering 5.3 million .com domains. Delivered as a fee add-on for the Windows 2003 Server, IIS 6 is a major upgrade from version 5 with increased security, better .NET programming integration, and stronger abilities to work with non-Microsoft languages and servers. Companies using IIS Server as part of their backend systems include: Krispy Kreme, AT&T, Home Shopping Network, Rolling Stone.com, plus many others.