ModSecurity Handbook: The Complete Guide to the Popular Open Source Web Application Firewall Paperback – Mar 15 2010
About the Author
Ivan Ristic is a respected security expert and author, known especially for his contribution to the web application firewall field and the development of ModSecurity, the open source web application firewall. He is also the author of Apache Security, a comprehensive security guide for the Apache web server. A frequent speaker at computer security conferences, Ivan is an active participant in the application security community, a member of the Open Web Application Security Project, and an officer of the Web Application Security Consortium.
Most Helpful Customer Reviews on Amazon.com (beta)
Ivan sent me a few early releases of the book, and about a month ago I received the first print edition.
This book is what you've been waiting for if you use mod_security. (And, as I mentioned, if you're not using it, you should be.) The documentation for mod_security has long been frustrating. Even where it was complete and informative, you just didn't know where to start.
This book is where to start.
The first 2/3 of the book is written in tutorial fashion, walking you through tasks from installation to complex scripting. Chapter 6 gives a great description of writing rules, and Chapter 9 gives numerous practical examples which flesh out what goes before. I always learn best by example, so these examples and the accompanying explanations make the earlier academic learning more meaningful to me.
Chapter 8 is about persistent storage of data. I've long been interested in this area of mod_security, and have had many times when I needed it and didn't understand the docs on it. Ivan makes it much clearer than I've seen it presented before. I'll be looking back at this the next time the need arises to do this kind of thing.
The last third of the book is the reference manual. I'm a big fan of having the reference manual in printed format, although it does run the risk of being out of date quickly.
This book is constantly updated, so you can always obtain the latest version. However, it's unlikely that I'll be buying a new paper book each time there's a new release of mod_security. This book is also available in electronic format, and if you buy the ebook, you get updates to it as part of your purchase price. That's pretty cool.
On the whole, this book is a long-awaited resource, and is very well written, by the person who knows the topic best. Highly recommended. You should go get a copy right away.
This book is a living entity as it is continually updated digitally; your purchase includes 1 year of digital updates. Ristic also wants to know what you think and will incorporate updates and feedback if relevant.
While the ModSecurity Handbook covers v2.5 and beyond, Ristic's is "the only ModSecurity book on the market that provides comprehensive coverage of all features, including those features that are only available in the development repository."
ModSecurity Handbook offers detailed technical guidance and is rules-centric in its approach, including configuration, writing, rule sets, and Lua. Your purchase even includes a digital-only ModSecurity Rule Writing Workshop.
Chapter 10 is dedicated to performance as proper tuning is essential to success with ModSecurity without web application performance degradation.
That said, the highlight of this excellent read for your reviewer was Chapter 8, covering Persistent Storage.
ModSecurity persistent storage is, for all intents and purposes, a free-form database that helps you:
* Track IP address and session activity, attack, and anomaly scores
* Track user behavior over a long period of time
* Monitor for session issues including hijacking, inactivity timeouts and absolute life span
* Detect denial of service and brute force attacks
* Implement periodic alerting
Following the applied persistence model, I found periodic alerting most interesting and useful. From pg. 126, "Periodic alerting is a technique useful in the cases when it is enough to see one alert about a particular situation, and when further events would only create clutter. You can implement periodic alerting to work once per IP address, session, URL, or even an entire application."
This is the ModSecurity equivalent of a Snort IDS rule header pass action, useful when internal vulnerability scanners might cause an excess of alerts.
ModSecurity rules that perform passive vulnerability scanning might detect traces of vulnerabilities in output, and alert on them. Periodic alerting would thus only alert once when configured accordingly.
As an example, perhaps you are aware of minor issues that are important to be aware of, but do not require an alert on every web server hit.
Making use of the GLOBAL collection, ModSecurity Handbook's example would translate the scenario above by following a chained rule match and defining a variable, thus telling you if an alert has fired previously. The presence of the variable indicates that an alert shouldn't fire again for a rule-defined period of time. In concert with expiration and counter resets, it is ensured that a rule will warn you only once in your preferred period of time, but still log as you see fit too.
ModSecurity Handbook, in concert with Ristic's Apache Security, is a must-read for web application security administrators and architects, but will not leave those who need step-by-step instructions at a loss.
Trust me when I say, all you need to harden your web presence with ModSecurity is at your fingertips with the ModSecurity Handbook.
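The periodic-alerting pattern the reviewer describes (GLOBAL collection, chained rule, a flag variable with an expiry) is shown here as an added example; these are not the book's own rules, and the rule IDs, the variable names and the output pattern being matched are assumptions chosen for illustration.

```apache
# Added example, not from the book: alert at most once per hour when a
# passive output check fires, while still counting every occurrence.
# Rule IDs (9000xx), variable names and the "Fatal error:" pattern are
# assumptions for this illustration.

# Phase 4 rules can only inspect output if response body access is on.
SecResponseBodyAccess On

# Make the GLOBAL collection available; the key "global" is shared by
# all transactions, so the flag set below persists across requests.
SecAction "phase:1,id:900001,nolog,pass,initcol:global=global"

# Silent counter: every matching response increments the total, so the
# count is still available for reporting even though alerts are rate-limited.
SecRule RESPONSE_BODY "@contains Fatal error:" \
    "phase:4,id:900002,nolog,pass,setvar:global.php_error_count=+1"

# Periodic alert: the first rule detects the condition, the chained second
# rule only matches if no alert flag currently exists (the & prefix counts
# matching variables, so 0 means "not alerted yet"). The log/msg actions on
# the first rule run only when the whole chain matches.
SecRule RESPONSE_BODY "@contains Fatal error:" \
    "phase:4,id:900003,chain,pass,log,\
    msg:'PHP error text in response body (reported at most once per hour)'"
    SecRule &GLOBAL:php_error_alerted "@eq 0" \
        "setvar:global.php_error_alerted=1,\
        expirevar:global.php_error_alerted=3600"
```

Once the flag expires (3600 seconds here), the next matching response raises a fresh alert; adjust the expiry to the reporting interval you want.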
Following a brief introduction, the User Guide begins with chapters on installation, configuration and logging. These are then followed by an overview of the ModSecurity rule language, a tutorial on writing rules, rule configuration, using persistent storage and practical rule writing. Then there are important chapters on performance, writing content injection rules, using Lua, handling XML and extending the rule language. Even ModSecurity users with a lot of experience are going to find some new information. The Reference Manual details all the directives, variables, transformational functions, actions, operators and data formats.
Continual updates to the text are available to purchasers of the book. These are delivered online as digital PDFs, and updates are announced via a dedicated Twitter account, so you don't need to worry about the book becoming obsolete. But the real hidden gem must be the ModSecurity Rule Writing Workshop available online to purchasers of the book. This companion volume delves into real-world rule-writing and covers the types of issues that spring to mind once ModSecurity users begin to think about whitelisting and creating custom rules for their own web applications.
This book is great for both beginners and as a reference for experts. Short of flying to London and studying ModSecurity with its creator, this book is the next best thing. There are numerous examples of how to implement various solutions to common problems (e.g. session hijacking, securing session tokens, etc.) that can be copied and pasted directly from the examples shown. My only complaint about the book is that it does not cover the OWASP CRS. Having said that, the author has responded to every one of my questions regarding material in the book, often updating the online version of the book's contents to clarify issues I had questions about.
This book scores five easily based on the relevance and value of the information.