The tough part of securing Apache is knowing what you need to defend from. Although my book enumerates all the threats, you need to read through the entire book to learn about them, and even then it may be difficult to remember them all when you need them. I've wanted for a long time to make this process easier and now, finally, here it is: the Apache Security Model:
At this time the model is only a draft, but I will polish it in the coming months. It will eventually make an important addition to the second edition of Apache Security.
