The web server is a crucial part of web-based applications. Apache Web Server is often placed at the edge of the network, which makes it one of the services most exposed to attack. The default configuration discloses a lot of sensitive information that may help a hacker prepare an attack on the web server.
The majority of web application attacks are XSS, Info Leakage, Session Management and PHP Injection attacks, which succeed because of weak programming code and failure to sanitize web application infrastructure. According to the security vendor Cenzic, 99% of tested applications have vulnerabilities. The chart below, from Cenzic, shows the vulnerability trend report of 2013.
This practical guide gives you the skill set needed to secure Apache Web Server. In this course, we will talk about how to harden and secure Apache Web Server on the Unix platform. The following is tested on Apache 2.4.x, and I don’t see any reason it won’t work with Apache 2.2.x.
We will refer to the Apache installation directory, /opt/apache, as $Web_Server throughout this course.
You are advised to take a backup of the existing configuration file before making any modification.
This guide is designed for Middleware Administrators, Application Support, System Analysts, or anyone working with or eager to learn hardening and security guidelines. Fair knowledge of Apache Web Server and UNIX commands is mandatory.
This is a seven-page guide.