Web Application Defender's Cookbook: Battling Hackers and Protecting Users

  • 6h 37m
  • Ryan Barnett
  • John Wiley & Sons (US)
  • 2013

The top-selling book Web Application Hacker's Handbook showed how attackers and hackers identify and attack vulnerable live web applications. This new Web Application Defender's Cookbook is the perfect counterpoint to that book: it shows you how to defend. Authored by a highly credentialed defensive security expert, this new book details defensive security methods and can be used as courseware for training network security personnel, web server administrators, and security consultants.

Each "recipe" shows you a way to detect and defend against malicious behavior and provides working code examples for the ModSecurity web application firewall module. Topics include identifying vulnerabilities, setting hacker traps, defending different access points, enforcing application flows, and much more.

  • Provides practical tactics for detecting web attacks and malicious behavior and defending against them
  • Written by a preeminent authority on web application firewall technology and web application defense tactics
  • Offers a series of "recipes" that include working code examples for the open-source ModSecurity web application firewall module

Find the tools, techniques, and expert information you need to detect and respond to web application attacks with Web Application Defender's Cookbook: Battling Hackers and Protecting Users.

About the Author

RYAN BARNETT is a Lead Security Researcher in Trustwave's SpiderLabs Team, an advanced security team focused on penetration testing, incident response, and application security. He is the ModSecurity web application firewall project lead, a SANS Institute certified instructor, and a frequent speaker at industry conferences.

In this Book

  • Application Fortification
  • Vulnerability Identification and Remediation
  • Poisoned Pawns (Hacker Traps)
  • Reputation and Third-Party Correlation
  • Request Data Analysis
  • Response Data Analysis
  • Defending Authentication
  • Defending Session State
  • Preventing Application Attacks
  • Preventing Client Attacks
  • Defending File Uploads
  • Enforcing Access Rate and Application Flows
  • Passive Response Actions
  • Active Response Actions
  • Intrusive Response Actions
SHOW MORE
FREE ACCESS