ModSecurity Handbook is the definitive guide to ModSecurity, a popular open source web application firewall. Written by Ivan Ristic, who designed and wrote much of ModSecurity, this book will teach you everything you need to know to monitor the activity on your web sites and protect them from attack. Situated between your web sites and the world, web application firewalls provide an additional security layer, monitoring everything that comes in and everything that goes out. They enable you to perform many advanced activities, such as real-time application security monitoring, access control, virtual patching, HTTP traffic logging, continuous passive security assessment, and web application hardening. They can be very effective in preventing application security attacks, such as cross-site scripting, SQL injection, remote file inclusion, and others. Considering that most web sites today suffer from one problem or another, ModSecurity Handbook will help anyone who has a web site to run. The topics covered include: - Installation and configuration of ModSecurity - Logging of complete HTTP traffic - Rule writing, in detail - IP address, session, and user tracking - Session management hardening - Whitelisting, blacklisting, and IP reputation management - Advanced blocking strategies - Integration with other Apache modules - Working with rule sets - Virtual patching - Performance considerations - Content injection - XML inspection - Writing rules in Lua - Extending ModSecurity in C The book is suitable for all reader levels: it contains step-by-step installation and configuration instructions for those just starting out, as well as detailed explanations of the internals and discussion of advanced techniques for seasoned users. The official ModSecurity Reference Manual is included in the second part of the book. Digital version available. For more information and to access the online companion, go to www.modsecurityhandbook.com
發表於2024-12-18
ModSecurity Handbook 2024 pdf epub mobi 電子書 下載
圖書標籤: modsecurity 信息安全 網絡安全 HTTP 編程 安全 websecurity programming
還是沒找到分析Modsecurity源碼的書,隻能自己慢慢啃瞭~嗯,不過整體結構基本清晰瞭,繼續學習一下,然後再考慮重構ysec_waf。
評分還是沒找到分析Modsecurity源碼的書,隻能自己慢慢啃瞭~嗯,不過整體結構基本清晰瞭,繼續學習一下,然後再考慮重構ysec_waf。
評分還是沒找到分析Modsecurity源碼的書,隻能自己慢慢啃瞭~嗯,不過整體結構基本清晰瞭,繼續學習一下,然後再考慮重構ysec_waf。
評分還是沒找到分析Modsecurity源碼的書,隻能自己慢慢啃瞭~嗯,不過整體結構基本清晰瞭,繼續學習一下,然後再考慮重構ysec_waf。
評分還是沒找到分析Modsecurity源碼的書,隻能自己慢慢啃瞭~嗯,不過整體結構基本清晰瞭,繼續學習一下,然後再考慮重構ysec_waf。
ModSecurity Handbook 2024 pdf epub mobi 電子書 下載