These are some of the titles on my bookshelf, books that have been indispensable information sources for me.
Preventing Web Attacks with Apache
A timely title, that’s for sure. Web application security and attack mitigation are hot subjects, and author Ryan Barnett has spent quite a bit of time in the thick of things. He takes the reader on a journey to configure a secure Apache server by applying just the right compilation, configuration and deployment settings, and describes a number of security-related modules and their configuration directives. Most if not all of this stuff is well known or easily findable on the web, but having it all in one place is invaluable. Then Barnett talks about the Web Security Threat Classification and discusses the implications of each threat class on the Apache web server. A host of practical information follows, including instructions on setting up an open proxy honeypot and sample code for a banking application with security flaws. Good investment.
The Unix Systems Administration Handbook
The Unix Systems Administration Handbook is tremendously useful. Written by four real-life systems administrators, it provides a view from the trenches. This book discusses various aspects of systems administration and then lists the specific differences between a number of popular Unix distributions: Solaris, HP-UX, Linux and FreeBSD. The authors do not hold back: they discuss every wart you are likely to encounter in real life and offer a perspective that you will not see from any vendor’s manual.
TCP/IP Network Administration
This must be the first O’Reilly book I ever bought. Now in its third edition, Craig Hunt’s TCP/IP Network Administration taught me the basics on these network protocols over ten years ago.
Building Scalable Websites
Author Cal Henderson was involved with the development of Flickr. He lays down some insights on developing large websites in this book. The contents are interesting and highly useful, if slightly uneven: while the chapters on e-mail, Unicode and security all have their merit, I’m sure an entire book could be written on nothing but scalability issues. It looks as if Mr. Henderson had some topics in mind to discuss, and this book was the result. Good info though.
Apache: The Definitive Guide
Now in its third edition, Apache: The Definitive Guide is one of the most comprehensive and general texts on setting up and configuring the Apache HTTP Server. Besides setting up and configuring the Apache server, the book also contains a reference of the Apache API for writing modules to enhance the server.
The Apache Modules Book: Application Development with Apache
Nick is a very knowledgeable guy and I am looking forward to his Apache Modules book. He is an active committer on the Apache httpd project and answers questions on the Apache modules mailing list on a regular basis. I will buy a copy of this book when it comes out.
SSL and TLS: Designing and Building Secure Systems
When I started work for a company that specialized in SSL, I got a copy of Rescorla’s SSL and TLS to get myself up to speed quickly. Rescorla delivers an excellent and in-depth overview of the Secure Sockets Layer and Transport Layer Security protocols. The book starts with a global overview, and gets progressively more detailed with flow diagrams and network traffic dumps to illustrate all aspects of the protocols. This is an excellent book for those who need to know how SSL and TLS work.
Bruce Schneier’s landmark introduction to cryptography.
There are several titles on the market about this open source network monitoring system. So why this one? I don’t know yet, but I just like No Starch.
Scalable Internet Architectures
Theo’s been there and done that. His Scalable Internet Architectures seminar regularly draws an audience at ApacheCon and he has laid down some nuggets of wisdom in this book. The reason some reviewers consider this book overly general and fragmentary is probably that it is more of a point of departure than anything else. When you start scaling out your web infrastructure, Theo is undeniably the expert. However, five minutes after he is done beating you with a stick, you will be way ahead of this book since only you know how your application works and how it will grow.