File name: apache security 安全
File size: 1.61MB
File format: CHM
Last updated: 2012-11-01 03:34:53
apache security
Preface
  Audience
  Scope
  Contents of This Book
  Online Companion
  Conventions Used in This Book
  Using Code Examples
  We'd Like to Hear from You
  Safari Enabled
  Acknowledgments
Chapter 1. Apache Security Principles
  Section 1.1. Security Definitions
  Section 1.2. Web Application Architecture Blueprints
Chapter 2. Installation and Configuration
  Section 2.1. Installation
  Section 2.2. Configuration and Hardening
  Section 2.3. Changing Web Server Identity
  Section 2.4. Putting Apache in Jail
Chapter 3. PHP
  Section 3.1. Installation
  Section 3.2. Configuration
  Section 3.3. Advanced PHP Hardening
Chapter 4. SSL and TLS
  Section 4.1. Cryptography
  Section 4.2. SSL
  Section 4.3. OpenSSL
  Section 4.4. Apache and SSL
  Section 4.5. Setting Up a Certificate Authority
  Section 4.6. Performance Considerations
Chapter 5. Denial of Service Attacks
  Section 5.1. Network Attacks
  Section 5.2. Self-Inflicted Attacks
  Section 5.3. Traffic Spikes
  Section 5.4. Attacks on Apache
  Section 5.5. Local Attacks
  Section 5.6. Traffic-Shaping Modules
  Section 5.7. DoS Defense Strategy
Chapter 6. Sharing Servers
  Section 6.1. Sharing Problems
  Section 6.2. Distributing Configuration Data
  Section 6.3. Securing Dynamic Requests
  Section 6.4. Working with Large Numbers of Users
Chapter 7. Access Control
  Section 7.1. Overview
  Section 7.2. Authentication Methods
  Section 7.3. Access Control in Apache
  Section 7.4. Single Sign-on
Chapter 8. Logging and Monitoring
  Section 8.1. Apache Logging Facilities
  Section 8.2. Log Manipulation
  Section 8.3. Remote Logging
  Section 8.4. Logging Strategies
  Section 8.5. Log Analysis
  Section 8.6. Monitoring
Chapter 9. Infrastructure
  Section 9.1. Application Isolation Strategies
  Section 9.2. Host Security
  Section 9.3. Network Security
  Section 9.4. Using a Reverse Proxy
  Section 9.5. Network Design
Chapter 10. Web Application Security
  Section 10.1. Session Management Attacks
  Section 10.2. Attacks on Clients
  Section 10.3. Application Logic Flaws
  Section 10.4. Information Disclosure
  Section 10.5. File Disclosure
  Section 10.6. Injection Flaws
  Section 10.7. Buffer Overflows
  Section 10.8. Evasion Techniques
  Section 10.9. Web Application Security Resources
Chapter 11. Web Security Assessment
  Section 11.1. Black-Box Testing
  Section 11.2. White-Box Testing
  Section 11.3. Gray-Box Testing
Chapter 12. Web Intrusion Detection
  Section 12.1. Evolution of Web Intrusion Detection
  Section 12.2. Using mod_security
Appendix A. Tools
  Section A.1. Learning Environments
  Section A.2. Information-Gathering Tools
  Section A.3. Network-Level Tools
  Section A.4. Web Security Scanners
  Section A.5. Web Application Security Tools
  Section A.6. HTTP Programming Libraries