Better protection with Apache’s ModSecurity module

WATCHDOG

Author(s):

The Apache ModSecurity module provides extra protection for your web server. We'll show you why this optional application firewall is quickly becoming a favorite of webmasters and security experts.

Most commercial web servers are devoted to the purpose of serving up dynamic, script-generated content in a reliable way. The very nature of the Internet means that unkown visitors from anywhere in the world may pay a visit to the site. Unfortunately, this all-important interaction between visitors and the web application opens up an attack vector. A skillful attacker could use a vulnerability to gain unauthorized access to the web server, and, once inside, the intruder could employ adidtional tools and tricks to do things that developers or webmasters never intended. The potential for damage is enormous, ranging from exposed contents of confidential files to a complete root compromise. Cleanly programmed web applications provide one meaningful approach to preventing this kind of abuse, but the path is fraught with difficulty. Even the most experienced programmers are caught out from time to time, as vulnerabilities in established web applications just go to show.

Read full article as PDF:

Protection_with_Apache_ModSecurity.pdf (237.41 kB)

Related content

  • Security Lessons

    Learn more about protecting your website with NoScript, ModSecurity, and Site Security Policy.

  • Web Attacks Using HTTP Parameter Pollution

    At the OWASP AppSec Poland 2009 web security conference two Italian security experts presented a new kind of web application attack threat. The presentation slides for the method called HTTP Parameter Pollution (HPP) are now available online.

  • Portsmith

    The Linux packet filter iptables lacks a function that dynamically enables ports for authenticated users. Portsmith plugs this gap, allowing users to enable their own connections.

  • Snort

    Search out hidden attacks with the Snort intrusion detection system.

  • Stopping Drive-By Attacks

    You won't find a perfect solution to the growing problem of drive-by attacks, but many tools are available to help you keep malicious code off your network.

comments powered by Disqus

Direct Download

Read full article as PDF:

Protection_with_Apache_ModSecurity.pdf (237.41 kB)

News

njobs Europe
What:
Where:
Country:
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia