Dedication
Copyright
Preface
    Audience
    Scope
    Contents of This Book
    Online Companion
    Conventions Used in This Book
    Using Code Examples
    We'd Like to Hear from You
    Safari Enabled
    Acknowledgments
Chapter 1. Apache Security Principles
    Section 1.1. Security Definitions
    Section 1.2. Web Application Architecture Blueprints
Chapter 2. Installation and Configuration
    Section 2.1. Installation
    Section 2.2. Configuration and Hardening
    Section 2.3. Changing Web Server Identity
    Section 2.4. Putting Apache in Jail
Chapter 3. PHP
    Section 3.1. Installation
    Section 3.2. Configuration
    Section 3.3. Advanced PHP Hardening
Chapter 4. SSL and TLS
    Section 4.1. Cryptography
    Section 4.2. SSL
    Section 4.3. OpenSSL
    Section 4.4. Apache and SSL
    Section 4.5. Setting Up a Certificate Authority
    Section 4.6. Performance Considerations
Chapter 5. Denial of Service Attacks
    Section 5.1. Network Attacks
    Section 5.2. Self-Inflicted Attacks
    Section 5.3. Traffic Spikes
    Section 5.4. Attacks on Apache
    Section 5.5. Local Attacks
    Section 5.6. Traffic-Shaping Modules
    Section 5.7. DoS Defense Strategy
Chapter 6. Sharing Servers
    Section 6.1. Sharing Problems
    Section 6.2. Distributing Configuration Data
    Section 6.3. Securing Dynamic Requests
    Section 6.4. Working with Large Numbers of Users
Chapter 7. Access Control
    Section 7.1. Overview
    Section 7.2. Authentication Methods
    Section 7.3. Access Control in Apache
    Section 7.4. Single Sign-on
Chapter 8. Logging and Monitoring
    Section 8.1. Apache Logging Facilities
    Section 8.2. Log Manipulation
    Section 8.3. Remote Logging
    Section 8.4. Logging Strategies
    Section 8.5. Log Analysis
    Section 8.6. Monitoring
Chapter 9. Infrastructure
    Section 9.1. Application Isolation Strategies
    Section 9.2. Host Security
    Section 9.3. Network Security
    Section 9.4. Using a Reverse Proxy
    Section 9.5. Network Design
Chapter 10. Web Application Security
    Section 10.1. Session Management Attacks
    Section 10.2. Attacks on Clients
    Section 10.3. Application Logic Flaws
    Section 10.4. Information Disclosure
    Section 10.5. File Disclosure
    Section 10.6. Injection Flaws
    Section 10.7. Buffer Overflows
    Section 10.8. Evasion Techniques
    Section 10.9. Web Application Security Resources
Chapter 11. Web Security Assessment
    Section 11.1. Black-Box Testing
    Section 11.2. White-Box Testing
    Section 11.3. Gray-Box Testing
Chapter 12. Web Intrusion Detection
    Section 12.1. Evolution of Web Intrusion Detection
    Section 12.2. Using mod_security
Appendix A. Tools
    Section A.1. Learning Environments
    Section A.2. Information-Gathering Tools
    Section A.3. Network-Level Tools
    Section A.4. Web Security Scanners
    Section A.5. Web Application Security Tools
    Section A.6. HTTP Programming Libraries
Colophon
Index