
November 26, 2009

ModSecurity Handbook available for pre-order and early access

ModSecurity Handbook, which I announced a couple of days ago, is now available for pre-order and early digital access. We managed to meet our self-imposed deadline and have everything ready for November 24th, actually.

This book is a big deal, in more ways than one:

  1. It took me more than 5 years to gather courage to start writing another book (after Apache Security, which I started writing in 2004).
  2. This book is about ModSecurity, a project that is very dear to my heart. It makes me very happy that I will document everything I know about it.
  3. I am releasing the book early because I want to interact with the readers while the content is still not finalised. With Apache Security I ended up being terribly unhappy because I was writing in isolation and because I couldn't seek feedback from the readers prior to publication.
  4. To publish this book (and all my subsequent books), my wife and I started a publishing company and dealt with all the stuff that publishers have to deal with. The learning curve wasn't very difficult because of my previous experience in publishing, but there were a lot of things to do.
  5. This book will be a living book. I intend to keep it up to date at all times, keeping up with the changes in ModSecurity. We've invested a significant amount of time into polishing a single-source publishing system, where the manuscript is kept as XML (DocBook, stored in a Subversion repository) and automatically converted to any of the supported formats (only PDF at the moment, but several forms of PDF, HTML and ePub in the near future). The system allows me to make changes and push updates instantly to all the readers!

The work is far from done, of course. First, I need to finish the book. Second, we'll have to figure out how to promote it effectively, and I somehow suspect that will be the hardest part. Perhaps, when it's all done, I'll write a blog post called "Adventures in Computer Book Publishing".

Update: The official Reference Manual and Data Formats Guide have been added to the book. There are about 230 pages of material right now, with the final count expected to be close to or over 300.


Comments


Ivan: I'm a big fan of mod_security and have been wanting to set it up using a passive tap. I know Breach says they have appliances that can do this, so there must be a way to accomplish this goal using just the open source tools. Will you be covering a passive approach in your book? I didn't see mention of this in the ToC that you released so I thought I'd ask.

All the best,
-sean

Sean, ModSecurity cannot be used to passively analyse HTTP traffic. Breach Security does have products that are used off-line, but they are built using their proprietary technology and do not rely on or include ModSecurity (at least not at present).

ABOUT ME

Ivan Ristić is an open source advocate, entrepreneur, writer, programmer and web security specialist. He is the principal author of ModSecurity, the open source web application firewall, and the author of Apache Security, a concise yet comprehensive web security guide for the Apache web server.
