Spotlight customer reviews:
Summary: Thorough security work on Apache
Comment: This book is a well-written, in-depth look into the security issues around Apache and applications developed on top of Apache. The content is relevant, well explained, and very useful to both applications engineers and network security folks. Definitely a must read for those looking to deploy high load applications on the open Internet.
Summary: bolt down your Apache!
Comment: Apache is the most common web server out there. It has been heavily built up in functionality by volunteer programmers. Naturally, there are numerous books detailing all that you can do with it. Very versatile. Unfortunately, that is one of the problems! As many commercial websites use Apache, there is a huge incentive for crackers to subvert it in various fashions. Perhaps to get at the back end SQL database. In which might be stored useful information like people's names and credit card data.
Barnett offers inoculation. You can read this book as the sysadmin's manual to installing and running Apache. Where the overriding priority is to bolt down any known weaknesses from the get-go.
There is a comprehensive list of attacks. Some might not necessarily be directed against Apache per se, but against any web server. But there are others that might scan for particular versions of Apache or the operating system, if these have bugs that can be exploited. The text suggests possibly providing disinformation. In an earlier, more innocent time, a web server might write its name and version at the bottom of a page that it publishes, for example. Now, you are shown how Apache can suppress this. Better yet, you can tell Apache to pretend to be another web server. A defensive fib that makes the cracker's job a little harder.
Buffer overflows, cross-site scripting and SQL injection are possibly the most dangerous attacks explained. For each attack, examples are usually given. Followed by Apache countermeasures. Tangentially, you also get to cast scrutiny at your database and at the entire way your multitier server system is arranged.
The book is a sad but necessary commentary on the times we live in.