| ModSecurity is a module running on Apache and is | | | | application remain unscathed on the increasingly |
| based on linux server. It will help users learn about | | | | dangerous web. Have you ever wondered how |
| various computer security vulnerabilities like SQL | | | | attackers figure out the exact web server version |
| injection, cross-site scripting attacks, cross-site request | | | | running on a system? They use a technique called |
| forgeries, null byte attacks, and many more so that | | | | HTTP fingerprinting, and you will learn about this in |
| one knows how attackers operate. It will also help one | | | | depth and how to defend against it by flying your web |
| find the geographical location of an attacker and send | | | | server under a "false flag". |
| alert emails when attacks are discovered. | | | | Users can learn to compile ModSecurity from source |
| You can read an exclusive chapter here: | | | | and install it on a Linux system and also find out how |
| Real-life case studies are used to illustrate the dangers | | | | to prevent the source code of their web application |
| on the Web today – you will for example learn how | | | | being shown to the world if something goes wrong |
| the recent worm that hit Twitter works, and how you | | | | with their server configuration They would also |
| could have used ModSecurity to stop it in its tracks. | | | | discover the real IP address of an attacker using |
| The mechanisms behind these and other attacks are | | | | ModSecurity, even if the attacker is behind a proxy |
| described in detail, and you will learn everything you | | | | server. |
| need to know to make sure your server and web | | | | |