21C3 Schedule Release 1.1.7
21st Chaos Communication Congress
Lectures and workshops
|Start Time||12:00 h|
Did you attend this event?
Improving the security of your web server by breaking into it
While apparently being quite secure out of the box the Apache web server is still a well-liked target for hackers. This talk will help system administrators to improve the security of their site and will also cover techniques on attacking a web server.
The Apache web server has been the most popular web server on the Internet since April 1996. As in September 2004 the official Netcraft Web Server Survey found that almost 70% of the web sites on the Internet are using Apache, thus making it more widely used than all other web servers combined. While being known to be quite secure out of the box the Apache web server is a well-known and well-liked target for hackers. This talk will help system administrators to improve the security of their web servers by dealing with Apache’s default configuration, presenting common misconfigurations and analyzing live configuration files of well-known organizations. Additionally common and uncommon techniques for attacking a web server will be covered.
Finally the presentation will introduce mod_security which is an open source intrusion detection and prevention engine for web applications protecting the server from known and so far unknown attacks. There will also be approximately 5-10 minutes time at the end of the presentation to answer the questions of the participants.