Gebraucht kaufen
EUR 18,28
+ EUR 3,00 Versandkosten
Gebraucht: Gut | Details
Verkauft von Deal DE
Zustand: Gebraucht: Gut
Kommentar: Dieses Buch ist in gutem, sauberen Zustand. Seiten und Einband sind intakt.
Ihren Artikel jetzt
eintauschen und
EUR 4,64 Gutschein erhalten.
Möchten Sie verkaufen?
Zur Rückseite klappen Zur Vorderseite klappen
Anhören Wird wiedergegeben... Angehalten   Sie hören eine Probe der Audible-Audioausgabe.
Weitere Informationen
Alle 2 Bilder anzeigen

Apache Security (Englisch) Taschenbuch – 4. März 2005

Alle Formate und Ausgaben anzeigen Andere Formate und Ausgaben ausblenden
Amazon-Preis Neu ab Gebraucht ab
"Bitte wiederholen"
EUR 110,86 EUR 18,28
4 neu ab EUR 110,86 9 gebraucht ab EUR 18,28
Jeder kann Kindle Bücher lesen — selbst ohne ein Kindle-Gerät — mit der KOSTENFREIEN Kindle App für Smartphones, Tablets und Computer.


  • Taschenbuch: 420 Seiten
  • Verlag: O'Reilly & Associates; Auflage: 1 (4. März 2005)
  • Sprache: Englisch
  • ISBN-10: 0596007248
  • ISBN-13: 978-0596007249
  • Größe und/oder Gewicht: 17,8 x 2,3 x 23,3 cm
  • Durchschnittliche Kundenbewertung: 4.0 von 5 Sternen  Alle Rezensionen anzeigen (2 Kundenrezensionen)
  • Amazon Bestseller-Rang: Nr. 298.879 in Fremdsprachige Bücher (Siehe Top 100 in Fremdsprachige Bücher)
  • Komplettes Inhaltsverzeichnis ansehen

Mehr über die Autoren

Entdecken Sie Bücher, lesen Sie über Autoren und mehr



With more than 67 per cent of web servers running Apache, it is by far the most widely used web server platform in the world. Apache has evolved into a powerful system that easily rivals other HTTP servers in terms of functionality, efficiency, and speed. Despite these impressive capabilities, though, Apache is only a beneficial tool if it's a secure one. To be sure, administrators installing and configuring Apache still need a sure-fire way to secure it--whether it's running a huge e-commerce operation, corporate intranet, or just a small hobby site. Our new guide, Apache Security, gives administrators and webmasters just what they crave--a comprehensive security source for Apache. Successfully combining Apache administration and web security topics, Apache Security speaks to nearly everyone in the field. What's more, it offers a concise introduction to the theory of securing Apache, as well as a broad perspective on server security in general. But this book isn't just about theory. The real strength of Apache Security lies in its wealth of interesting and practical advice, with many real-life examples and solutions.

Administrators and programmers will learn how to: * install and configure Apache * prevent denial of service (DoS) and other attacks * securely share servers * control logging and monitoring * secure custom-written web applications * conduct a web security assessment * use mod_security and other security-related modules And that's just the tip of the iceberg, as mainstream Apache users will also gain valuable information on PHP and SSL/ TLS. Clearly, Apache Security is packed and to the point, with plenty of details for locking down this extremely popular and versatile web server.

Über den Autor und weitere Mitwirkende

Ivan Ristic is a Web security specialist and the author of mod_security, an open source intrusion detection and prevention engine for web applications. He is currently working on Apache Security for O'Reilly.

In diesem Buch (Mehr dazu)
Ausgewählte Seiten ansehen
Buchdeckel | Copyright | Inhaltsverzeichnis | Auszug | Stichwortverzeichnis | Rückseite
Hier reinlesen und suchen:


4.0 von 5 Sternen
5 Sterne
4 Sterne
3 Sterne
2 Sterne
1 Sterne
Beide Kundenrezensionen anzeigen
Sagen Sie Ihre Meinung zu diesem Artikel

Die hilfreichsten Kundenrezensionen

2 von 3 Kunden fanden die folgende Rezension hilfreich Von Legastheniker am 10. April 2007
Format: Taschenbuch
Abgesehen davon, dass das Buch vom Mod_Security Entwickler ist, gibt es nicht unbedingt einen Grund das Buch zu kaufen. Alle darin enthaltenen Informationen gibt es frei im Internet.

Ansonsten ist das Buch übersichtlich und gut geschrieben.
Kommentar War diese Rezension für Sie hilfreich? Ja Nein Feedback senden...
Vielen Dank für Ihr Feedback. Wenn diese Rezension unangemessen ist, informieren Sie uns bitte darüber.
Wir konnten Ihre Stimmabgabe leider nicht speichern. Bitte erneut versuchen
0 von 2 Kunden fanden die folgende Rezension hilfreich Von Marcel Sommer am 12. Februar 2007
Format: Taschenbuch
Der Author Ivan Ristic beschreibt in diesem Buch Angriffstechniken auf Apache Webserver und zeigt Möglichkeiten auf, diese zu unterbinden. Dabei bezieht er sich nicht nur auf die Vorgehensweise zum absichern des Webservers, sondern vermittelt auch in einer lockeren Art das dazu benötigte Hintergrundwissen.

Für Apache-Nutzer, die sich ein sicheres System aufbauen wollen, ist dieses Werk unverzichtbar. Kurzum, ein Meisterwerk, was eine Empfehlung wert ist.

Marcel Sommer
Kommentar War diese Rezension für Sie hilfreich? Ja Nein Feedback senden...
Vielen Dank für Ihr Feedback. Wenn diese Rezension unangemessen ist, informieren Sie uns bitte darüber.
Wir konnten Ihre Stimmabgabe leider nicht speichern. Bitte erneut versuchen

Die hilfreichsten Kundenrezensionen auf (beta) 16 Rezensionen
24 von 25 Kunden fanden die folgende Rezension hilfreich
The single best Apache security book in print 27. September 2006
Von Richard Bejtlich - Veröffentlicht auf
Format: Taschenbuch
I recently received copies of Apache Security (AS) by Ivan Ristic and Preventing Web Attacks with Apache (PWAWA) by Ryan Barnett. I read AS first, then PWAWA. Both are excellent books, but I expect potential readers want to know which is best for them. The following is a radical simplification, and I could honestly recommend readers buy either (or both) books. If you are more concerned with a methodical, comprehensive approach to securing Apache, choose AS. If you want more information on offensive aspects of Web security, choose PWAWA.

Before I go further, I must mention that Ivan Ristic cites me and my books twice, on pages 2 and 229. While humbling, I tried not to let this fact influence my review.

AS is an extremely well-thought-out book. My favorite aspect of AS is the decision to start with a blank httpd.conf file, rather than accepting the file packaged with Apache and making edits as needed. By building up httpd.conf from scratch, the author shows exactly what components are needed in a very clear manner. This was not the approach used by PWAWA. I would like to see other technical books adopt this teaching method.

AS includes better coverage of several topics which I believe are core to securing Apache. I liked AS' discussion of chroot environments and jails, although the author should distinguish between chroot on Linux or BSD and jail on BSD alone. AS features a whole chapter on proper PHP deployment (Ch 3), and a whole chapter on SSL/TLS (Ch 4). AS devotes another chapter to explaining how to host multiple Web sites on one host (Ch 6), which is critical to many Apache environments. AS' chapter on Web infrastructure (CH 9) also covers topics not found in PWAWA.

AS is also less explicitly Linux-centric than PWAWA. As a primary FreeBSD user, I found AS' approach more applicable to my environment. PWAWA seemed to assume everyone was running Red Hat Linux. It's fine to use a single OS for all examples, but I had to personally identify tools and techniques that would probably only work on Red Hat.

I had very little trouble with any of the text in AS. My main concerns involve Ch 1, where the author spends time on certain security concepts. I would consider the following with regards to threat modeling on p. 5: (asset) what might be compromised; (motivation) why compromise; (vulnerabilities) where compromised; (attack) how compromised; (threat) who compromised you; (risk) threat X vulnerability X asset value. On pp 9-10 the author should also have used the risk equation just mentioned.

Overall, I really liked AS. The book really is about Apache security, so if you are more interested in attacking Apache you might prefer PWAWA. If you want to learn about Web application hacking in general, your best bets are probably Hacking Exposed: Web Applications, 2nd Ed, and Professional Pen Testing for Web Applications. I will read and review those two books shortly.
7 von 7 Kunden fanden die folgende Rezension hilfreich
Used every morning with coffee 4. Februar 2006
Von - Veröffentlicht auf
Format: Taschenbuch
I recently heard about a new book out that is just about Apache Security written by Ivan Ristic. I haven't ever really found many books on this topic and wondered why since its such a widely popular web server. Ivan Ristic is well known for being the single man behind an invaluable tool for web servers called mod_security.

So many security related books are very expensive and thousands of pages long, which is great if you have lots of time but no system admin does. Apache Security is both thorough and quick to get through while walking you through the most imporant issues you'll encounter or never thought about until now.

First off go buy the book, don't bother to read this review at [...] It's really that good. I use it on a daily basis and keep a copy at the office and at home. I advise anyone that owns a server or works with Apache to get this book, you won't be disappointed. It's not

for somoene that's completely a newbie to web servers, I recommend it more for someone with a bit of experience or advanced user of Linux. Since this isn't a book on dummy installations but about security so you need a basic understanding of file permissions and so on.
7 von 7 Kunden fanden die folgende Rezension hilfreich
Comprehensive, task-oriented web security cookbook 11. April 2005
Von Kiwi - Veröffentlicht auf
Format: Taschenbuch
This comprehensive, systematic, task-oriented book covers all the alternative approaches to securing servers -- from secure to paranoid -- complete with examples to demonstrate vulnerabilities such as session management, (Javascript) cross-site scripting, and SQL injection. Subjects such as hardening PHP, shared-server vulnerabilities, and logging/monitoring, each get a whole chapter. This up-to-date, well-written (concise yet encyclopedic) book will be indispensible to system designers, administrators and programmers.
7 von 8 Kunden fanden die folgende Rezension hilfreich
Great book, useful for all Apache users 4. November 2005
Von Dr Anton Chuvakin - Veröffentlicht auf
Format: Taschenbuch
I thoroughly enjoyed Ivan's "Apache Security", even when I was a reviewer for an unfinished book. I remember how I was eagerly waiting to receive more new chapters from the publisher.

The book contains a nice combination of generic web stuff and Apache stuff. It starts with the discussion of security principles, such as defense-in-depth and minimum access privilege. Although not new, they are useful for those just entering the field, such as for beginner apache admins.

The chapter on Apache's installation and configuration sounds boring and many might be tempted to skip it. But it does contain a gem: a guide on setting Apache in a chroot jail!

PHP, a main web application platform for Apache at the time of this writing, is covered as well. I found some tips on PHP hardening that I didn't know previously. While the last PHP application I deployed was configured to be 'hackable' (it was a honeypot deployment, after all!), I found the tips to be practical.

One entertaining chapter is on denial-of-service attacks. There are many ways to overwhelm a network server, and Apache is now exception. It's a must-read for those running highly-available sites, where downtime costs a lot.

An important chapter covers Apache access control, from basic auth to single sign-on. Of course, of particular interest to me was a chapter on logging and monitoring, as it is one of my favorite subjects. Ivan did a great job covering not only logging facilities available within the server, but also log centralization, log analysis for security, integrity monitoring and other stuff. Distributed logging with Spread kit is indeed 'cool', just as Ivan mentions.

A brief chapter covers the security of the underlying 'infrastructure', such as the OS that Apache runs on. I liked the overview since it is not 'generic', but covers material relevant to running Apache web server.

Chapter 10-12 are at the center of the book, providing the core of the new material. Those cover web application attacks, web security assessment and web intrusion detection,. The latter is based on Ivan's famous mod_security Apache module. While web attacks are covered in many places, I think the overview in the book is clear, focused and useful even for those who do web security for a living. As far as the mod_security chapter is concerned, I would read it with most care since it covers a lot of advanced usage tips, not available elsewhere.

The book is well written, easy to follow and displays clear writing style. I would strongly recommend it to everybody who is involved in running Apache web servers, web applications or has web security as part of his job responsibility. Obviously, everybody who thinks that this subject is fun should also read it :-) Also, check out [...] for some free chapters, ToC, tools covered in the book, as well as a couple presentations given by Ivan. The book focuses on the defensive side, but mentions various attacks against web infrastructure as well.

Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA is a Security Strategist with a major security company. He is an author of the book "Security Warrior" and a contributor to "Know Your Enemy II" and the upcoming "Hacker's Challenge III". In his spare time, he maintains his security portal and his blog at O'Reilly. His next book will be about security log analysis.
4 von 4 Kunden fanden die folgende Rezension hilfreich
Much more than just Apache Security 11. Oktober 2007
Von Ryan Stille - Veröffentlicht auf
Format: Taschenbuch
I found this book while browsing the programming section of Borders (the programming section of my local Borders is amazing!), and I've found it to be a real gem.

The book covers so much more than just Apache security. It covers installation and configuration, and explains a little of how Apache works along the way. There are also chapters or sections on:

- Understanding and securing PHP
- An explanation of SSL
- DOS attacks
- Traffic shaping in Apache
- Logging is covered extensively
- There's a chapter on web security in general, where all the common attacks are explained
- Using Apache as a proxy or a reverse proxy

I especially enjoyed the Web Security Assessment chapter where the author explained how to systematically analyze and probe web applications/servers, with many real world examples.

There is a large section discussing mod_security, which is an amazing Apache module. Mod_security is an intrusion detection and prevention engine for web applications (a web application firewall). The book is written by the author of mod_security (Ivan Ristic), so he really knows what he's talking about in this area. Also covered is mod_dosevasive, which, obviously helps prevent against denial of service attacks.

I would not hesitate to recommend this book to any Apache administrator, user, or web programmer. Its one of my favorite books on my bookshelf.
Waren diese Rezensionen hilfreich? Wir wollen von Ihnen hören.