Securing Apache and SQL


Securing Apache and SQL Presentation

Securing Apache and SQL Study Guide

The Project
Created as part of a class project in my last year at Seneca College. The goal was to address the security issues of a newly installed HTTP web server and provide information on how the security issues could be overcome. The specific focus was on Apache web server being used with SQL. The presentation uses Nikto to demonstrate the differences between a secure and an insecure web server. It includes examples of scripts for compiling, virtual host configuration and examples of SQL injection using Damn Vulnerable Web App. The presentation includes three videos in which SQL exploits are demonstrated including SQL injection and file includes. The study guide was provided to the students in order to study the subject matter for the final exam. My role was to focus on the Apache aspects of the presentation, while my partner focused on the SQL aspect.

Technical Details
Vanilla installation of Apache was installed and tested using Fedora Core 7. The secure install was compiled and tested on Solaris. Both were using the latest version of Apache and mySQL. Security tests done with Nikto and Backtrack 3. SQL vulnerabilities were demonstrated using Damn Vulnerable Web App.

Leave a Reply

Your email address will not be published. Required fields are marked *