Cover; Part I: Preparing the Battle Space; Chapter 1: Application Fortification; Recipe 1-1: Real-time Application Profiling; Recipe 1-2: Preventing Data Manipulation with Cryptographic Hash Tokens; Recipe 1-3: Installing the OWASP ModSecurity Core Rule Set (CRS); Recipe 1-4: Integrating Intrusion Detection System Signatures; Recipe 1-5: Using Bayesian Attack Payload Detection; HTTP Audit Logging; Recipe 1-6: Enable Full HTTP Audit Logging; Recipe 1-7: Logging Only Relevant Transactions; Recipe 1-9: Obscuring Sensitive Data in Logs
Recipe 1-10: Sending Alerts to a Central Log Host Using Syslog; Recipe 1-11: Using the ModSecurity AuditConsole; Recipe 1-8: Ignoring Requests for Static Content; Chapter 2: Vulnerability Identification and Remediation; Internally Developed Applications; Externally Developed Applications; Virtual Patching; Recipe 2-1: Passive Vulnerability Identification; Active Vulnerability Identification; Recipe 2-2: Active Vulnerability Identification; Manual Vulnerability Remediation; Recipe 2-3: Manual Scan Result Conversion; Recipe 2-4: Automated Scan Result Conversion
Defending your web applications against hackers and attackers. The top-selling book Web Application Hacker's Handbook showed how attackers and hackers identify and attack vulnerable live web applications. This new Web Application Defender's Cookbook is the perfect counterpoint to that book: it shows you how to defend. Authored by a highly credentialed defensive security expert, this new book details defensive security methods and can be used as courseware for training network security personnel, web server administrators, and security consultants. Each