Apache Security

Index

[SYMBOL] [A] [B] [C] [D] [E] [F] [H] [I] [J] [K] [L] [M] [N] [O] [P] [R] [S] [T] [U] [V] [W] [X]

WAFs (web application firewalls) 2nd [See also mod_security firewall module]

weakest link security principle weakness

web application analysis

     page elements

     page parameters

     spiders

     well-known directories

web application architectures

     Apache changes, effect on 2nd

     security review of

     views

         Apache

         network

         user

web application firewalls [See WAFs] [See also mod_security firewall module]

web application security

     application logic flaws [See web applications, logic flaws]

     buffer overflows

     chained vulnerabilities compromise example

     client attacks

         phishing

         typical

     configuration review

     evasion techniques

         path obfuscation

         simple

         SQL injection

         Unicode encoding

         URL encoding

     file disclosure

         download script flaws

         path traversal

         predictable locations

         source code

     information disclosure [See information disclosure security issues]

     injection attacks

         code execution

         command execution

         preventing

         scripting, XSS

         SQL

     learning environments

         WebGoat

         WebMaven

     null-byte attacks 2nd

     PHP safe mode

     resources

     session management attacks

         concepts

         cookies

         design flaw example

         good practices

         session tokens

         sessions, attacks on

     sessions

         directory for not shared

     tools

         commercial

         Paros

         WebScarab

web applications

     integration with reverse proxies

     isolation strategies

         modules

             from servers

         virtual servers

     logic flaws

         client-side validation

         cookies

         hidden fields

         POST method

         process state management

         real-life example

         referrer check

     logs

     WAFs

Web Distributed Authoring and Versioning [See WebDAV]

web of trust identity verification

web security assessment

     administrator responsibility

     black-box testing [See testing, black-box]

     gray-box testing

     security scanners

         Nessus

         Nikto

     white-box testing [See testing, white-box]

web server tree

web servers

     analysis

         application enumeration

         configuration problems

         configuration review

         default location searching

         exceptional requests response

         identifying the application server

         identifying the server

         SSL

         vulnerabilities, probing known

     status monitoring

         graphing 2nd

         mod_status module 2nd

         mod_watch third-party module

         RRDtool

         scripts for

         SNMP

         statistics, fetching and storing

web site for book

WebDAV (Web Distributed Authoring and Versioning) 2nd

WebGoat learning environment

WebMaven learning environment

WebScarab web application security tool
