Chapter 12. Web Intrusion Detection
In spite of all your efforts to secure a web server, there is one
part you do not and usually cannot control in its entirety: web
applications. Web application design, programming, and maintenance
require a different skill set. Even if you have the skills, in a
typical organization these tasks are usually assigned to someone
other than a system administrator. But the problem of ensuring
adequate security remains. This final chapter suggests ways to secure
applications by treating them as black boxes and examining the way
they interact with the environment. The techniques that do this are
known under the name intrusion detection.
This chapter covers the following:
- Evolution of intrusion detection
- Basic intrusion detection principles
- Web application firewalls
- mod_security