Apache Security - Ivan Ristic [230]
SEC, Simple Event Correlator
Snort intrusion detection, Network Monitoring
Spread Toolkit (distributed logging), Distributed Logging with the Spread Toolkit
Swatch monitoring program, Swatch
Tripwire integrity checker, File Integrity
web application, Web Application Security Tools, Web Application Security Tools, Paros, Commercial Web Security Tools
  commercial, Commercial Web Security Tools
  Paros, Paros
  WebScarab, Web Application Security Tools
web security scanners, Web Security Scanners, Nikto, Nessus
  Nessus, Nessus
  Nikto, Nikto
traceroute, Connectivity
TransferLog directive, Request Logging, TransferLog
Triple-DES (3DES) encryption, Symmetric Encryption
Tripwire integrity checker, File Integrity
two-factor authentication, Overview
U
Unicode nonstandard representation on IIS problem, Unicode Encoding
V
vocabulary, security, Common Security Vocabulary
vulnerability, Vulnerability Probing
  probing, Vulnerability Probing
W
WAFs (web application firewalls), Evolution of Web Intrusion Detection, Evolution of Web Intrusion Detection
  (see also mod_security firewall module)
weakness, Common Security Vocabulary
web application analysis, Web Application Analysis, Using a spider to map out the application structure, Examining page elements, Enumerating pages with parameters, Examining well-known locations
  page elements, Examining page elements
  page parameters, Enumerating pages with parameters
  spiders, Using a spider to map out the application structure
  well-known directories, Examining well-known locations
web application architectures, Web Application Architecture Blueprints, User View, Network View, Apache View, Apache 2, LogFormat, Architecture Review
  Apache changes, effect on, Apache 2, LogFormat
  security review of, Architecture Review
  views, User View, Network View, Apache View
    Apache, Apache View
    network, Network View
    user, User View
web application firewalls, Evolution of Web Intrusion Detection, Evolution of Web Intrusion Detection (see WAFs)
  (see also mod_security firewall module)
web application security, Increasing Session Security, Increasing Session Security, Setting Safe Mode Options, Session Management Attacks, Cookies, Session Management Concepts, Session Tokens, Session Attacks, Brute-force attacks, Good Practices, Attacks on Clients, Typical Client Attack Targets, Phishing, Application Logic Flaws, Information Disclosure, File Disclosure, Path Traversal, Application Download Flaws, Source Code Disclosure, Predictable File Locations, Injection Flaws, SQL Injection, Cross-Site Scripting, Command Execution, Code Execution, Preventing Injection Attacks, Buffer Overflows, Evasion Techniques, Simple Evasion Techniques, Path Obfuscation, URL Encoding, Unicode Encoding, Null-Byte Attacks, Null-Byte Attacks, Null-Byte Attacks, SQL Evasion, Web Application Security Resources, Reviewing the application configuration, Learning Environments, WebMaven, WebGoat, Web Application Security Tools, Web Application Security Tools, Paros, Commercial Web Security Tools
  application logic flaws, Application Logic Flaws (see web applications, logic flaws)
  buffer overflows, Buffer Overflows
  chained vulnerabilities compromise example, Null-Byte Attacks
  client attacks, Attacks on Clients, Typical Client Attack Targets, Phishing
    phishing, Phishing
    typical, Typical Client Attack Targets
  configuration review, Reviewing the application configuration
  evasion techniques, Evasion Techniques, Simple Evasion Techniques, Path Obfuscation, URL Encoding, Unicode Encoding, SQL Evasion
    path obfuscation, Path Obfuscation
    simple, Simple Evasion Techniques
    SQL injection, SQL Evasion
    Unicode encoding, Unicode Encoding
    URL encoding, URL Encoding
  file disclosure, File Disclosure, Path Traversal, Application Download Flaws, Source Code Disclosure, Predictable File Locations
    download script flaws, Application Download Flaws
    path traversal, Path Traversal
    predictable locations, Predictable File Locations
    source code, Source Code Disclosure
  information disclosure,