Are your web applications secure? Do you know how to lock down new web applications when they are placed into production? Do you know if attackers are trying to break into your site and steal data or cause other harm? The solutions in this book provide answers to these critical questions and increase your ability to thwart malicious activity within your web applications.
Each recipe includes background data explaining how the attack works, an ingredients list, and step-by-step directions. You'll learn how to prepare for attacks, analyze web transactions for malicious activity, and respond with the best solutions. ModSecurity, a versatile, open source web application firewall module for Apache, Microsoft IIS, and Nginx web server platforms, is used to demonstrate each defensive technique.
Implement full HTTP auditing for incident response
Utilize virtual patching processes to remediate identified vulnerabilities
Deploy web tripwires (honeytraps) to identify malicious users
Detect when users are acting abnormally
Analyze uploaded files and web content for malware
Recognize when web applications leak sensitive user or technical data