December 2012
Intermediate to advanced
552 pages
13h 16m
English
Content preview from Web Application Defender's Cookbook
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Table of Contents
Part I: Preparing the Battle Space
Chapter 1: Application Fortification
Recipe 1-1: Real-time Application Profiling
Recipe 1-2: Preventing Data Manipulation with Cryptographic Hash Tokens
Recipe 1-3: Installing the OWASP ModSecurity Core Rule Set (CRS)
Recipe 1-4: Integrating Intrusion Detection System Signatures
Recipe 1-5: Using Bayesian Attack Payload Detection
Recipe 1-6: Enable Full HTTP Audit Logging
Recipe 1-7: Logging Only Relevant Transactions
Recipe 1-8: Ignoring Requests for Static Content
Recipe 1-9: Obscuring Sensitive Data in Logs
Recipe 1-10: Sending Alerts to a Central Log Host Using Syslog
Recipe 1-11: Using the ModSecurity AuditConsole
Chapter 2: Vulnerability Identification and Remediation
Internally Developed Applications
Externally Developed Applications
Recipe 2-1: Passive Vulnerability Identification
Active Vulnerability Identification
Recipe 2-2: Active Vulnerability Identification
Manual Vulnerability Remediation
Recipe 2-3: Manual Scan Result Conversion
Recipe 2-4: Automated Scan Result Conversion
Recipe 2-5: Real-time Resource Assessments and Virtual Patching
Chapter 3: Poisoned Pawns (Hacker Traps)
Recipe 3-1: Adding Honeypot Ports
Recipe 3-2: Adding Fake robots.txt Disallow Entries
Recipe 3-3: Adding Fake HTML Comments