The Web Application Defender's Cookbook

100+ recipes to improve your defenses

Are your web applications secure? Do you know how to lock down new web applications when they are placed into production? Do you know if attackers are trying to break into your site and steal data or cause other harm? The solutions in this book provide answers to these critical questions and increase your ability to thwart malicious activity within your web applications.

Each recipe includes background data explaining how the attack works, an ingredients list, and step-by-step directions. You'll learn how to prepare for attacks, analyze web transactions for malicious activity, and respond with the best solutions. ModSecurity, a versatile, open source web application firewall module for Apache, Microsoft IIS, and Nginx web server platforms, is used to demonstrate each defensive technique.

Learn to:
- Implement full HTTP auditing for incident response
- Utilize virtual patching processes to remediate identified vulnerabilities
- Deploy web tripwires (honeytraps) to identify malicious users
- Detect when users are acting abnormally
- Analyze uploaded files and web content for malware
- Recognize when web applications leak sensitive user or technical data
- Respond to attacks with varying levels of force