While apparently being quite secure out of the box the Apache web server is still a well-liked target for hackers. This talk will help system administrators to improve the security of their site and will also cover techniques on attacking a web server. The Apache web server has been the most popular web server on the Internet since April 1996. As in September 2004 the official Netcraft Web Server Survey found that almost 70% of the web sites on the Internet are using Apache, thus making it more widely used than all other web servers combined. While being known to be quite secure out of the box the Apache web server is a well-known and well-liked target for hackers. This talk will help system administrators to improve the security of their web servers by dealing with Apache’s default configuration, presenting common misconfigurations and analyzing live configuration files of well-known organizations. Additionally common and uncommon techniques for attacking a web server will be covered. Finally the presentation will introduce mod_security which is an open source intrusion detection and prevention engine for web applications protecting the server from known and so far unknown attacks. There will also be approximately 5-10 minutes time at the end of the presentation to answer the questions of the participants.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.