Modsecurity Handbook Paperback – Mar 15 2010

Most Helpful Customer Reviews (8 reviews)
1 of 1 people found the following review helpful
Comprehensive guide for securing web applications Sept. 22 2010
By Emre Sevinc - Published on
Format: Paperback Verified Purchase
I'm very new to ModSecurity and I found the guide to be very useful as a beginner. The book's pacing is very good, starting with basics, not assuming the reader to be an expert and slowly going to great depths and advanced levels. Previously I was just installing ModSecurity + the core rule set without much understanding; now I have the guide to explain to me why I did what I did. I wish that the Lua chapter was a little bit longer and included more examples, but I think there is no room for big complaints overall. I have marked lots of pages and I'm keeping the book at my desk for daily web application security testing and configuration tasks. Finally, the chapter about virtual patching was an eye-opener for me.
1 of 1 people found the following review helpful
Complete and authoritative June 22 2010
By Amazon Customer - Published on
Format: Paperback
I've finally finished reading Ivan Ristic's new book, mod_security handbook, published by Feisty Duck. Ivan is the brain behind mod_security. By the way, if you're not using mod_security on your Apache server, you should be. And this is the book to tell you how to use it.

Ivan sent me a few early releases of the book, and about a month ago I received the first print edition.

This book is what you've been waiting for if you use mod_security. (And, as I mentioned, if you're not using it, you should be.) The documentation for mod_security has long been frustrating. Even where it was complete and informative, you just didn't know where to start.

This book is where to start.

The first 2/3 of the book is written in tutorial fashion, walking you through tasks from installation to complex scripting. Chapter 6 gives a great description of writing rules, and Chapter 9 gives numerous practical examples which flesh out what goes before. I always learn best by example, so these examples and the accompanying explanations make the earlier academic learning more meaningful to me.

Chapter 8 is about persistent storage of data. I've long been interested in this area of mod_security, and have had many times when I needed it and didn't understand the docs on it. Ivan makes it much clearer than I've seen it presented before. I'll be looking back at this the next time the need arises to do this kind of thing.

The last third of the book is the reference manual. I'm a big fan of having the reference manual in printed format, although it does run the risk of being out of date quickly.

This book is constantly updated, so you can always obtain the latest version. However, it's unlikely that I'll be buying a new paper book each time there's a new release of mod_security. This book is also available in electronic format, and if you buy the ebook, you get updates to it as part of your purchase price. That's pretty cool.

On the whole, this book is a long-awaited resource, and is very well written, by the person who knows the topic best. Highly recommended. You should go get a copy right away.
2 of 3 people found the following review helpful
Book Review: ModSecurity Handbook June 10 2010
By Russ McRee - Published on
Format: Paperback
Published as the inaugural offering from Ristic's own Feisty Duck, the ModSecurity Handbook is an important read for ModSecurity fans and new users alike. Need I remind you, Ristic developed ModSecurity, the web application firewall, in 2002 and remains involved in the project to this day.
This book is a living entity as it is continually updated digitally; your purchase includes 1 year of digital updates. Ristic also wants to know what you think and will incorporate updates and feedback if relevant.

While the ModSecurity Handbook covers v2.5 and beyond, Ristic's is "the only ModSecurity book on the market that provides comprehensive coverage of all features, including those features that are only available in the development repository."
ModSecurity Handbook offers detailed technical guidance and is rules-centric in its approach including configuration, writing, rules sets, and Lua. Your purchase even includes a digital-only ModSecurity Rule Writing Workshop.

Chapter 10 is dedicated to performance as proper tuning is essential to success with ModSecurity without web application performance degradation.
That said, the highlight of this excellent read for your reviewer was Chapter 8, covering Persistent Storage.
ModSecurity persistent storage is, for all intents and purposes, a free-form database that helps you:
* Track IP address and session activity, attack, and anomaly scores
* Track user behavior over a long period of time
* Monitor for session issues including hijacking, inactivity timeouts and absolute life span
* Detect denial of service and brute force attacks
* Implement periodic alerting

Following the applied persistence model, I found periodic alerting most interesting and useful. From pg. 126, "Periodic alerting is a technique useful in the cases when it is enough to see one alert about a particular situation, and when further events would only create clutter. You can implement periodic alerting to work once per IP address, session, URL, or even an entire application."
This is the ModSecurity equivalent of a Snort IDS rule header pass action useful when internal vulnerability scanners might cause an excess of alerts.
ModSecurity rules that perform passive vulnerability scanning might detect traces of vulnerabilities in output, and alert on them. Periodic alerting would thus only alert once when configured accordingly.
As an example, perhaps you are aware of minor issues that are important to be aware of, but do not require an alert on every web server hit.
Making use of the GLOBAL collection, ModSecurity Handbook's example would translate the scenario above by following a chained rule match and defining a variable, thus telling you if an alert has fired previously. The presence of the variable indicates that an alert shouldn't fire again for a rule-defined period of time. In concert with expiration and counter resets, it is ensured that a rule will warn you only once in your preferred period of time but still log as you see fit too.
Useful, right?

ModSecurity Handbook, in concert with Ristic's Apache Security, are must reads for web application security administrators and architects, but will not leave those who need step-by-step instructions at a loss.
Trust me when I say, all you need to harden your web presence with ModSecurity is at your fingertips with the ModSecurity Handbook.
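The periodic-alerting pattern the review above describes, written out as an added illustration. These are my own rules, not the book's pg. 126 example and not part of the ModSecurity project's own rule sets; they assume ModSecurity 2.5 or later under Apache httpd, and the data directory path, rule ids, variable names, the MySQL-style error string and the /login URL are all assumptions chosen for the example.

```apache
# Persistent collections are stored on disk; the directory must be writable
# by the Apache worker user (the path here is an assumption).
SecDataDir /var/cache/modsecurity

# Phase 4 rules that inspect RESPONSE_BODY need response buffering enabled.
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html

# Initialise the application-wide GLOBAL collection once per transaction,
# plus a per-client IP collection keyed on the remote address.
SecAction "phase:1,id:900001,nolog,pass,initcol:global=global,initcol:ip=%{REMOTE_ADDR}"

# Variant 1: alert once per application per hour.
# The first rule detects the condition (an illustrative database error string
# leaking into the response). Because it is the head of a chain, its log/msg
# actions fire only when the second rule also matches, i.e. only while
# GLOBAL:db_error_alerted does not yet exist. The second rule then creates the
# variable and lets it expire after 3600 s, so further hits within the hour
# match the detection rule but not the chain, and produce no new alert.
SecRule RESPONSE_BODY "@rx You have an error in your SQL syntax" \
    "phase:4,id:900002,pass,log,msg:'Database error leaked in response (first occurrence this hour)',chain"
    SecRule &GLOBAL:db_error_alerted "@eq 0" \
        "setvar:global.db_error_alerted=1,expirevar:global.db_error_alerted=3600"

# Variant 2: alert once per client IP per 10 minutes on suspected brute force.
# Count POSTs to the login URL in the IP collection (the counter expires
# 600 s after the last increment, which is the 'counter reset' the review
# mentions), then emit a single alert when the counter crosses the threshold.
SecRule REQUEST_METHOD "@streq POST" \
    "phase:2,id:900003,nolog,pass,chain"
    SecRule REQUEST_URI "@beginsWith /login" \
        "setvar:ip.login_attempts=+1,expirevar:ip.login_attempts=600"

SecRule IP:login_attempts "@gt 20" \
    "phase:2,id:900004,pass,log,msg:'More than 20 login attempts from this IP within 10 minutes',chain"
    SecRule &IP:brute_alerted "@eq 0" \
        "setvar:ip.brute_alerted=1,expirevar:ip.brute_alerted=600"
```

The `&COLLECTION:var` form counts how many variables match the name, so `@eq 0` is the "has not alerted yet" test; `expirevar` is what turns the one-shot flag into a periodic one. Both variants use `pass`, so the rules only report; swap in `deny` on the head rule of a chain if you want the alert to block as well. Because the collections live under `SecDataDir`, the suppression window survives across requests and worker processes, which is exactly what an in-memory variable could not give you.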
1 of 2 people found the following review helpful
A Must-Have Book for Anybody Serious about WAF and ModSecurity April 26 2010
By Andrew Ward - Published on
Format: Paperback
Ivan Ristic has once again delivered another gem for both the security industry and open source community! In particular, I like the following about this book: 1) it is well organized into sections that match your activities - implementation, configuration, management; 2) it includes a comprehensive section on rules, which is where your ongoing effort will be with ModSecurity; and 3) this is a "living" book in that the author periodically updates the work based upon feedback and lessons learned. In particular, this last feature is really cool. This book continues to evolve and you'll get the electronic updates when new versions are released by the author. In fact, I got my first update this weekend! As the Sr. Product Manager of a service provider that is leveraging ModSecurity for its WAF solution, I advise that if you are at all serious about deploying ModSecurity, then this book is one you should own.
1 of 2 people found the following review helpful
This Book Is a Win April 23 2010
By dune73 - Published on
Format: Paperback
Finally, there is a concise overview of ModSecurity from the main developer of the module. The official documentation of ModSecurity falls short in the rule writing area. And this is where this book excels. More than half of the text of this book is dedicated to rule writing. Here, the author takes you by the hand and explains rule writing in the form of a tutorial (this tutorial extends far beyond the chapter with that name).

AFAIK, this is the first publication that discusses ModSecurity persistent storage thoroughly. And this is clearly more information than what was ever published via mailing lists, blog posts or via the ModSecurity website.

It is true that the English is very technical and not always up to literary standards. Who cares? This book earns all the 5 stars Amazon has to offer.