Defending your web applications against hackers and attackers
The top-selling book Web Application Hacker's Handbook showed how attackers and hackers identify and attack vulnerable live web applications. This new Web Application Defender's Cookbook is the perfect counterpoint to that book: it shows you how to defend. Authored by a highly credentialed defensive security expert, this new book details defensive security methods and can be used as courseware for training network security personnel, web server administrators, and security consultants.
Each "recipe" shows you a way to detect and defend against malicious behavior and provides working code examples for the ModSecurity web application firewall module. Topics include identifying vulnerabilities, setting hacker traps, defending different access points, enforcing application flows, and much more.
- Provides practical tactics for detecting web attacks and malicious behavior and defending against them
- Written by a preeminent authority on web application firewall technology and web application defense tactics
- Offers a series of "recipes" that include working code examples for the open-source ModSecurity web application firewall module
Find the tools, techniques, and expert information you need to detect and respond to web application attacks with Web Application Defender's Cookbook: Battling Hackers and Protecting Users.
- Amazon Sales Rank: #378024 in Books
- Brand: Brand: Wiley
- Published on: 2012-12-10
- Original language:
- Number of items: 1
- Dimensions: 9.30" h x
1.15" w x
- Binding: Paperback
- 552 pages
- Used Book in Good Condition
For those that want to ensure their web sites are as secure as possible, their developers should certainly implement the delicious recipes in Web Application Defender's Cookbook. (RSA Conference, Jan 2013)
From the Back Cover
100+ recipes to improve your defenses
Are your web applications secure? Do you know how to lock down new web applications when they are placed into production? Do you know if attackers are trying to break into your site and steal data or cause other harm? The solutions in this book provide answers to these critical questions and increase your ability to thwart malicious activity within your web applications.
Each recipe includes background data explaining how the attack works, an ingredients list, and step-by-step directions. You'll learn how to prepare for attacks, analyze web transactions for malicious activity, and respond with the best solutions. ModSecurity, a versatile, open source web application firewall module for Apache, Microsoft IIS, and Nginx web server platforms, is used to demonstrate each defensive technique.
- Implement full HTTP auditing for incident response
- Utilize virtual patching processes to remediate identified vulnerabilities
- Deploy web tripwires (honeytraps) to identify malicious users
- Detect when users are acting abnormally
- Analyze uploaded files and web content for malware
- Recognize when web applications leak sensitive user or technical data
- Respond to attacks with varying levels of force
About the Author
RYAN BARNETT is a Lead Security Researcher in Trustwave's SpiderLabs Team, an advanced security team focused on penetration testing, incident response, and application security. He is the ModSecurity web application firewall project lead, a SANS Institute certified instructor, and a frequent speaker at industry conferences.
Most helpful customer reviews
0 of 1 people found the following review helpful.
Very informative and will be used extensively
44 of 52 people found the following review helpful.
This is a modsecurity book ONLY
By Reader Bob
The description seemed misleading. This book dedicates its entirety to apache modsecurity. Any and all of the defenses are with modsecurity.
So, 5 stars if you wanted a book on modsecurity. I obviously did not.
The defenses were basic and probably well written out, if you use modsecurity and need help understanding it. I personally have no use for this book and a complete waste of money.
Most of us would think 'web application' as our program we built as a web application. Apache is a webserver. I was hoping for a book that might have extra guidelines or thoughts on adding great things to your web apps to defend them.
This book does none of that for me.
So, if you are not looking for mod security info, do not waste money. Seller should add 'modsecurity' only and possibly renamed the book as 'Modsecurity used to defend web apps' or something.
to top it off, this book is not 'new'...it has scratches all over the cover. If it is new then it was damaged from shipping...
EDIT: I have contacted wiley and a rep will be getting back to me about changing this description from 'great techniques AND some madsecurity code' to 'modsecurity techniques only'
Don't be misled by the small blurb about mod_security...this is all the book is, pure mod_Security.
Personally, if you want to use mod_Security I would highly recommend this book..but if you are looking for this as a companion to the hackers handbooks to beef up your web app security, then you will be completely disappointed and out 30 bucks.
0 of 1 people found the following review helpful.
See all 6 customer reviews...