7. Mitigating the WASC Web Security Threat Classification with Apache

In the previous chapter, we discussed the steps necessary to properly secure a standard Apache installation. Although the updated configurations applied to Apache will certainly result in a more secure web server, the resulting web server’s functionality is significantly diminished. On today’s World Wide Web, most organizations have a requirement to add in some form of dynamic web application. After applying all of the security settings to a default Apache install, you are now choosing to install some form of complex application that very well may open up different vulnerabilities. Once you implement applications that need to track user sessions and allow interaction with databases, ...

Get Preventing Web Attacks with Apache now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.