ModSecurity Handbook is the definitive guide to ModSecurity, the popular open source web application firewall. Written by Christian Folini and ModSecurity's original developer, Ivan Ristic, this book will teach you how to monitor activity on your web sites and protect them from attack. Situated between your web sites and the world, web application firewalls provide an additional security layer, monitoring everything that comes in and everything that goes out in real time. They enable you to perform many advanced activities, such as access control, virtual patching, HTTP traffic logging, continuous passive security assessment, and web application hardening. Web application firewalls can be very effective in preventing application security attacks, such as SQL injection, cross-site scripting, remote file inclusion, and others that plague most web sites today. ModSecurity Handbook covers the following topics, which will help anyone with a web site to run: Installation and configuration of ModSecurity Detailed guide to writing rules IP address, session, and user tracking Session management hardening Whitelisting, blacklisting, and IP reputation management Anomaly scoring and advanced blocking strategies Integration with other Apache modules Working with predefined rule sets Virtual patching and content injection Performance considerations Writing rules in Lua and extending ModSecurity in C Detailed coverage of ModSecurity's numerous directives, variables, transformations, and operators The book is suitable for all reader levels: It takes newcomers by the hand to turn them into seasoned users, while seasoned users will learn advanced techniques from the top experts on the subject and find hidden clues to master the rule language. An updated ModSecurity Reference Manual is included in the second part of the book.

Bulletproof TLS and PKI is a complete guide to using TLS encryption and PKI to deploy secure servers and web applications. Written by Ivan Ristic, author of the popular SSL Labs web site, this book will teach you everything you need to know to protect your systems from eavesdropping and impersonation attacks. In this book, you'll find just the right mix of theory, protocol detail, vulnerability and weakness information, and deployment advice to get your job done: - Comprehensive coverage of the ever-changing �eld of SSL/TLS and Internet PKI, with updates to the digital version - For IT professionals, help to understand security risks - For system administrators, help to deploy systems securely - For developers, help to secure web applications - Practical and concise, with added depth as needed - Introduction to cryptography and the Internet threat model - Coverage of TLS 1.3 as well as earlier protocol versions - Discussion of weaknesses at every level, covering implementation issues, HTTP and browser problems, and protocol vulnerabilities - Coverage of the latest attacks, such as BEAST, CRIME, BREACH, Lucky 13, RC4 biases, Triple Handshake Attack, and Heartbleed - Thorough deployment advice, including advanced technologies, such as Strict Transport Security, Content Security Policy, and pinning - Guide to using OpenSSL to generate keys and certificates and to create and run a private certification authority - Guide to using OpenSSL to test servers for vulnerabilities