Cover; Table of Contents; Preface; Chapter 1: Let's Get Started; Introduction; Common Terminology; Hosting-Selection and Unique Needs; What Is a Host?; Choosing a Host; Questions to Ask a Prospective Host; Facilities; Things to Ask Your Host about Facility Security; Environmental Questions about the Facility; Site Monitoring and Protection; Patching and Security; Shared Hosting; Dedicated Hosting; Architecting for a Successful Site; What Is the Purpose of Your Site?; Eleven Steps to Successful Site Architecture; Downloading Joomla!; Settings; .htaccess; Permissions; User Management
Common Trip UpsFailure to Check Vulnerability List First; Register Globals, Again; Permissions; Poor Documentation; Got Backups?; Setting Up Security Metrics; Summary; Chapter 2: Test and Development; Welcome to the Laboratory!; Test and Development Environment; What Does This Have to Do with Security?; The Evil Hamster Wheel of Upgrades; Determine the Need for Upgrade; Developing Your Test Plan; Essential Parameters for a Successful Test; Using Your Test and Development Site for Disaster Planning; Updating Your Disaster Recovery Documentation
Make DR Testing a Part of Your Upgrade/Rollout CycleCrafting Good Documentation; Using a Software Development Management System; Tour of Lighthouse from Artifact Software; Reporting; Using the Ravenswood Joomla! Server; Roll-out; Summary; Chapter 3: Tools; Introduction; Tools, Tools, and More Tools; HISA; Installation Check; Web-Server Environment; Required Settings for Joomla!; Recommended Settings; Joomla Tools Suite with Services; How's Our Health?; NMAP-Network Mapping Tool from insecure.org; Wireshark; Metasploit-The Penetration Testers Tool Set; Nessus Vulnerability Scanner
Why You Need NessusSummary; Chapter 4: Vulnerabilities; Introduction; Importance of Patching is Paramount; What is a Vulnerability?; Memory Corruption Vulnerabilities; SQL Injections; Command Injection Attacks; Attack Example; Why do Vulnerabilities Exist?; What Can be Done to Prevent Vulnerabilities?; Developers; Poor Testing and Planning; Forbidden; Improper Variable Sanitization and Dangerous Inputs; Not Testing in a Broad Enough Environment; Testing for Various Versions of SQL; Interactions with Other Third-Party Extensions; End Users; Social Engineering; Poor Patching and Updating
0
8
8
8
In Detail Joomla! is one of the most powerful open-source content management systems used to build websites and other powerful online applications. While Joomla! itself is inherently safe, misconfigurations, vulnerable components, poorly configured hosts, and weak passwords can all contribute to the downfall of your site. So, you need to know how to secure your website from security threats. Today every website needs to take security into consideration. Using the knowledge here, your Joomla! site can be ahead of the security threats so prevalent today. This book will take you all the way from the most basic steps of preparation to the nuts and bolts of actual protection. It is packed full of relevant and real-world topics such as security tools, configuration suggestions, setting up your test and development environment, reading and interpreting log files, and techniques used by bad hackers on the Internet. In addition to this you will learn how to respond to a site emergency should one occur and how to collect the evidence needed to pursue law enforcement action. The book provides a concise overview of all the parts needed to construct a defence-in-depth strategy for your Joomla! site. At the end of the book you will have a solid security foundation to take your Joomla! website to a higher level of security than the basic site setup. What you will learn from this book? This book covers: Implementing steps for successful Joomla! website architecture Setting up metrics to measure security Exploring the test and development environment; developing your test plan to make sure everything will work as planned Utilizing your test and development site for disaster recovery Measuring the performance of your software development projects using a software development management system Exploring several tools to help protect your website Diving into security vulnerabilities: why they exist; some typical counter measures Exploring SQL Injections - how they can hurt you and how to prevent them Mastering the two important security layers - php.ini and .htaccess Reading and analyzing logs relevant to protecting your Joomla! site Handling Security Incidents in a professional manner Blocking nuisance IP addresses Approach This book will give you a strong, hands-on approach to security. It starts out with the most basic of considerations such as choosing the right hosting sites then moves quickly into securing the Joomla! site and servers. This is a security ha ...