ModSecurity Handbook: The book that will tell you everything you need to know about the popular open source web application firewall (Feisty Duck)

Home Training Books

Buy ebook £12
Plus VAT if you're in the EU, excl. UK

Get paperback from Amazon: .com .ca
.co.uk .de .fr .jp

Last update: 24 March 2012
First release: 15 March 2010
Language: English (384 pages)
ISBN: 978-1907117022
Formats: Paperback, PDF, EPUB,
Kindle, Online; no DRM

The definitive guide to the popular open source web application firewall, by Ivan Ristić, the principal author of ModSecurity

Step-by-step instructions for those just starting out
Detailed explanations of the internals and advanced techniques for seasoned users
Includes a comprehensive reference manual
Available as paperback and various digital formats (PDF, EPUB, Mobi/Kindle); no DRM
Also available online in our browser-based reading application
Online version has a reading mode that shows changes since the first edition
Provides full coverage of ModSecurity 2.6.x
Includes the official ModSecurity Reference Manual

Preface      
        
Part I: User Guide                1. Introduction
                2. Installation
                3. Configuration
                4. Logging
                5. Rule Language Overview
                6. Rule Language Tutorial
                7. Rule Configuration
                8. Persistent Storage 
                9. Practical Rule Writing
                10. Performance
                11. Content Injection           
                12. Writing Rules in Lua
                13. Handling XML
                14. Extending Rule Language
        
Part II: Reference Manual                15. Directives
                16. Variables
                17. Transformation Functions
                18. Actions
                19. Operators
                20. Data Formats Guide
                
Index

About the Author

Ivan Ristić is a security researcher, engineer, and author, known especially for his contributions to the web application firewall field and development of ModSecurity, an open source web application firewall, and for his SSL/TLS and PKI research, tools and guides published on the SSL Labs web site.

He is the author of two books, Apache Security and ModSecurity Handbook, which he publishes via Feisty Duck, his own platform for continuous writing and publishing. Ivan is an active participant in the security community and you'll often find him speaking at security conferences such as Black Hat, RSA, OWASP AppSec, and others. He's currently Director of Application Security Research at Qualys.

Preview

ModSecurity Handbook:
Getting Started
A free 60-page book that covers installation and initial configuration of ModSecurity. This book is based on the first 4 chapters of ModSecurity Handbook.

Additional Material

First edition errata

About ModSecurity

ModSecurity is a widely-deployed open source web application firewall, used by small and large organizations alike. Ivan founded ModSecurity in 2002 and ran the project until 2009. Since then he is focused on documenting the project, via his work on ModSecurity Handbook.

ModSecurity and mod_security are trademarks or registered trademarks of Trustwave Holdings, Inc.