At the end of my Hardening Enterprise Apache Installations Against Attacks presentation at ApacheCon US 2008 I had a slide of interesting reading material. Here are the books on the list, and links to some of the articles:
I also included links to some interesting articles and organizations. Most of these were visited early November 2008:
- The Apache HTTP Server Security Report
- The Center for Internet Security who publish benchmarks for web server and operating system security
- The Open Web Application Security Foundation concentrates on developing secure web application code
- The Web Application Security Consortium
- The National Institute for Standards and Technology (NIST) published a checklist for securing internet-facing web servers