Table of Contents
Part I: Preparing the Battle Space
  Chapter 1: Application Fortification
    Recipe 1-1: Real-time Application Profiling
    Recipe 1-2: Preventing Data Manipulation with Cryptographic Hash Tokens
    Recipe 1-3: Installing the OWASP ModSecurity Core Rule Set (CRS)
    Recipe 1-4: Integrating Intrusion Detection System Signatures
    Recipe 1-5: Using Bayesian Attack Payload Detection
    Recipe 1-6: Enable Full HTTP Audit Logging
    Recipe 1-7: Logging Only Relevant Transactions
    Recipe 1-8: Ignoring Requests for Static Content
    Recipe 1-9: Obscuring Sensitive Data in Logs
    Recipe 1-10: Sending Alerts to a Central Log Host Using Syslog
    Recipe 1-11: Using the ModSecurity AuditConsole
  Chapter 2: Vulnerability Identification and Remediation
    Internally Developed Applications
    Externally Developed Applications
    Recipe 2-1: Passive Vulnerability Identification
    Active Vulnerability Identification
    Recipe 2-2: Active Vulnerability Identification
    Manual Vulnerability Remediation
    Recipe 2-3: Manual Scan Result Conversion
    Recipe 2-4: Automated Scan Result Conversion
    Recipe 2-5: Real-time Resource Assessments and Virtual Patching
  Chapter 3: Poisoned Pawns (Hacker Traps)
    Recipe 3-1: Adding Honeypot Ports
    Recipe 3-2: Adding Fake robots.txt Disallow Entries
    Recipe 3-3: Adding Fake HTML Comments
Source: Web Application Defender's Cookbook (table of contents excerpt from the O’Reilly learning platform).