« The worst idea ever: Let's break SSL for mobile users | Main | Application security, Italian style »

Apache Security Model

February 18, 2009

The tough part of securing Apache (or anything else, for that matter) is knowing what you need to defend from. Although my book (Apache Security) enumerates the threats, you need to read through hundreds of pages to learn about them, and even then it may be difficult to remember them as you need them. I've wanted for a long time to make this process easier and now, finally, here it is: the Apache Security Model:

At this time the model is only a draft, but I will polish it in the coming months. It will eventually make an important addition to the second edition of Apache Security.