Mitigating the WASC Web Security Threat Classification with Apache / Page 2
Mitigating the WASC Web Security Threat Classification with Apache
Classes of Attack
We will be covering the following classes of attack:
The format of the sections is as follows.
This will provide detailed information as to the scope of the attack and what factors may be involved for an attacker to attempt to exploit a specific vulnerability.
This section will provide some examples of how an attack may work, including possible example code of either an attack script or vulnerable program.
This section provides example mitigation options utilizing Apache capabilities, and associated modules. The countermeasure sections of this document are not official WASC-supported recommendations. For the initial release of the Threat Classification, it was decided to omit the mitigations section due to the multitude of possible solutions based on the technologies being used. Because we are focusing on Apache as our application of choice, I thought that I would put much of this data back in, with some updates. The recommendations presented are based on my own experiences and lessons learned while teaching the Web Intrusion Detection and Prevention with Apache class for the SANS Institute.
This section lists links to further information on the subject.