Securely configuring web server software and frameworks is the foundation of creating secure web-based services.

Labs in this category explore the configuration of popular web server software packages and related tools, such as reverse proxies. Labs also address the secure configuration of SSL encryption, preventing cryptographic attacks such as Heartbleed.

The labs in this category assume general knowledge of TCP/IP networking, the basics of the HTTP protocol, and some of the languages and frameworks commonly used for web applications. If you've configured nginx in the past but never used Apache, for instance, this is the category for you!

Secure Configuration of the Apache Web Server

Students will learn how to set up a web server securely by configuring the commonly-used Apache HTTP Server® on a Linux system. Security options will be explored, including location/directory restrictions, permissions, authentication, and SSL configuration.

Prerequisites

Basic web application knowledge (HTTP, URL parameters, etc.), networking concepts (TCP/IP, DNS, etc.), and familiarity with the Unix/Linux command line.

Expected Duration

2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.

Educational Lab

Secure SSL Configuration in Apache

Students will build on the basic Apache configuration exercise to configure Secure Sockets Layer (SSL) encryption for the Apache HTTP Server®. Students will learn and implement best security practices and strong cryptography guarantees while avoiding vulnerabilities such as Heartbleed.

Prerequisites

Basic web application knowledge (HTTP, URL parameters, etc.), networking concepts (TCP/IP, DNS, etc.), and familiarity with the Unix/Linux command line. The Secure Configuration of the Apache Web Server course is recommended before taking this course.

Expected Duration

2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.

Educational Lab

Deploying a LAMP Stack

Students will learn about the LAMP (Linux, Apache, MySQL, PHP) stack and will deploy a LAMP stack running an application written in PHP. LAMP is one of the most common software stacks for many of the web's most popular applications. This lab is brought to you by the Rochester Institute of Technology Global Cybersecurity Institute.

Students will set up a LAMP stack to run WordPress, a PHP application. They will set up a MySQL database for use by the WordPress application, and will configure Apache to serve up the PHP pages for the application.

Students will learn just enough of the MySQL command line and of Apache configuration needed to deploy a LAMP stack. They can learn more about MySQL and Apache configuration in the labs An Introduction to MariaDB and MySQL, Secure Configuration of the Apache Web Server, and Secure SSL Configuration in Apache.

Prerequisites

A very basic understanding of web applications and relational databases.

Expected Duration

1.5 hours, self-paced. Pause and continue at any time.
1.5 CPEs awarded on successful completion.

Educational Lab