Web Application Defender's Cookbook: Battling Hackers and Protecting Users

By Ryan C. Barnett

List Price: $50.00
Price: $36.26


Product Description

Defending your web applications against hackers and attackers

The top-selling book Web Application Hacker's Handbook showed how attackers and hackers identify and attack vulnerable live web applications. This new Web Application Defender's Cookbook is the perfect counterpoint to that book: it shows you how to defend. Authored by a highly credentialed defensive security expert, this new book details defensive security methods and can be used as courseware for training network security personnel, web server administrators, and security consultants.

Each "recipe" shows you a way to detect and defend against malicious behavior and provides working code examples for the ModSecurity web application firewall module. Topics include identifying vulnerabilities, setting hacker traps, defending different access points, enforcing application flows, and much more.

  • Provides practical tactics for detecting web attacks and malicious behavior and defending against them
  • Written by a preeminent authority on web application firewall technology and web application defense tactics 
  • Offers a series of "recipes" that include working code examples for the open-source ModSecurity web application firewall module

Find the tools, techniques, and expert information you need to detect and respond to web application attacks with Web Application Defender's Cookbook: Battling Hackers and Protecting Users.

Product Details

  • Amazon Sales Rank: #378024 in Books
  • Brand: Wiley
  • Published on: 2012-12-10
  • Original language: English
  • Number of items: 1
  • Dimensions: 9.30" h x 1.15" w x 7.40" l, 1.76 pounds
  • Binding: Paperback
  • 552 pages


  • Used Book in Good Condition

Editorial Reviews

For those that want to ensure their web sites are as secure as possible, their developers should certainly implement the delicious recipes in Web Application Defender's Cookbook. (RSA Conference, Jan 2013)

From the Back Cover

100+ recipes to improve your defenses

Are your web applications secure? Do you know how to lock down new web applications when they are placed into production? Do you know if attackers are trying to break into your site and steal data or cause other harm? The solutions in this book provide answers to these critical questions and increase your ability to thwart malicious activity within your web applications.

Each recipe includes background data explaining how the attack works, an ingredients list, and step-by-step directions. You'll learn how to prepare for attacks, analyze web transactions for malicious activity, and respond with the best solutions. ModSecurity, a versatile, open source web application firewall module for Apache, Microsoft IIS, and Nginx web server platforms, is used to demonstrate each defensive technique.

Learn to:

  • Implement full HTTP auditing for incident response
  • Utilize virtual patching processes to remediate identified vulnerabilities
  • Deploy web tripwires (honeytraps) to identify malicious users
  • Detect when users are acting abnormally
  • Analyze uploaded files and web content for malware
  • Recognize when web applications leak sensitive user or technical data
  • Respond to attacks with varying levels of force

About the Author

RYAN BARNETT is a Lead Security Researcher in Trustwave's SpiderLabs Team, an advanced security team focused on penetration testing, incident response, and application security. He is the ModSecurity web application firewall project lead, a SANS Institute certified instructor, and a frequent speaker at industry conferences.

Customer Reviews

Most helpful customer reviews

0 of 1 people found the following review helpful.
Rating 5 of 5: Five Stars
By Thermaln2
Very informative and will be used extensively

44 of 52 people found the following review helpful.
Rating 1 of 5: This is a modsecurity book ONLY
By Reader Bob
The description seemed misleading. This book dedicates its entirety to Apache modsecurity. Any and all of the defenses are with modsecurity.

So, 5 stars if you wanted a book on modsecurity. I obviously did not.

The defenses were basic and probably well written out, if you use modsecurity and need help understanding it. I personally have no use for this book and it is a complete waste of money.

Most of us would think 'web application' as our program we built as a web application. Apache is a webserver. I was hoping for a book that might have extra guidelines or thoughts on adding great things to your web apps to defend them.

This book does none of that for me.

So, if you are not looking for mod security info, do not waste money. Seller should add 'modsecurity' only and possibly rename the book as 'Modsecurity used to defend web apps' or something.

Buyer beware.

To top it off, this book is not 'new'...it has scratches all over the cover. If it is new then it was damaged from shipping...

EDIT: I have contacted Wiley and a rep will be getting back to me about changing this description from 'great techniques AND some modsecurity code' to 'modsecurity techniques only'

Don't be misled by the small blurb about mod_security...this is all the book is, pure mod_Security.

Personally, if you want to use mod_Security I would highly recommend this book..but if you are looking for this as a companion to the hackers handbooks to beef up your web app security, then you will be completely disappointed and out 30 bucks.

0 of 1 people found the following review helpful.
Rating 5 of 5: Five Stars
By Virgie
