Details zum E-Book

Joomla! Web Security. Secure your Joomla! website from common security threats with this easy-to-use guide

Joomla! Web Security. Secure your Joomla! website from common security threats with this easy-to-use guide

Chris Davenport, Tom Canavan

E-book
  • Joomla! Web Security
    • Table of Contents
    • Joomla! Web Security
    • Credits
    • About the Author
    • About the Reviewer
    • Preface
      • What This Book Covers
      • Who is This Book For
      • Conventions
      • Reader Feedback
      • Customer Support
        • Downloading the Example Code for the Book
        • Errata
        • Piracy
        • Questions
    • 1. Lets Get Started
      • Introduction
      • Common Terminology
      • HostingSelection and Unique Needs
        • What Is a Host?
        • Choosing a Host
        • Questions to Ask a Prospective Host
        • Facilities
        • Things to Ask Your Host about Facility Security
        • Environmental Questions about the Facility
        • Site Monitoring and Protection
        • Patching and Security
        • Shared Hosting
        • Dedicated Hosting
      • Architecting for a Successful Site
        • What Is the Purpose of Your Site?
        • Eleven Steps to Successful Site Architecture
      • Downloading Joomla!
        • Settings
      • .htaccess
      • Permissions
        • User Management
      • Common Trip Ups
        • Failure to Check Vulnerability List First
          • Register Globals, Again
          • Permissions
          • Poor Documentation
          • Got Backups?
      • Setting Up Security Metrics
              • Establishing a Baseline
              • Server Security Metrics
              • Personal Computing Security Metrics
              • Incident ReportingForums and Host
      • Summary
    • 2. Test and Development
      • Welcome to the Laboratory!
        • Test and Development Environment
        • What Does This Have to Do with Security?
        • The Evil Hamster Wheel of Upgrades
          • Determine the Need for Upgrade
        • Developing Your Test Plan
          • Essential Parameters for a Successful Test
              • Purpose of This Test
        • Using Your Test and Development Site for Disaster Planning
          • Updating Your Disaster Recovery Documentation
          • Make DR Testing a Part of Your Upgrade/Rollout Cycle
        • Crafting Good Documentation
        • Using a Software Development Management System
          • Tour of Lighthouse from Artifact Software
      • Reporting
      • Using the Ravenswood Joomla! Server
        • Roll-out
      • Summary
    • 3. Tools
      • Introduction
      • Tools, Tools, and More Tools
        • HISA
          • Installation Check
          • Web-Server Environment
          • Required Settings for Joomla!
          • Recommended Settings
        • Joomla Tools Suite with Services
        • How's Our Health?
        • NMAPNetwork Mapping Tool from insecure.org
        • Wireshark
        • MetasploitThe Penetration Testers Tool Set
        • Nessus Vulnerability Scanner
          • Why You Need Nessus
      • Summary
    • 4. Vulnerabilities
      • Introduction
      • Importance of Patching is Paramount
      • What is a Vulnerability?
        • Memory Corruption Vulnerabilities
        • SQL Injections
        • Command Injection Attacks
          • Attack Example
        • Why do Vulnerabilities Exist?
        • What Can be Done to Prevent Vulnerabilities?
          • Developers
          • Poor Testing and Planning
        • Forbidden
        • Improper Variable Sanitization and Dangerous Inputs
        • Not Testing in a Broad Enough Environment
        • Testing for Various Versions of SQL
        • Interactions with Other Third-Party Extensions
      • End Users
        • Social Engineering
        • Poor Patching and Updating
      • Summary
    • 5. Anatomy of Attacks
      • Introduction
      • SQL Injections
        • Testing for SQL Injections
        • A Few Methods to Prevent SQL Injections
        • And According to PHP.NET
      • Remote File Includes
        • The Most Basic Attempt
        • What Can We Do to Stop This?
              • I'm Using Joomla 1.5 so I'm Safe!
        • Preventing RFI Attacks
      • Summary
    • 6. How the Bad Guys Do It
      • Laws on the Books
      • Acquiring Target
      • Sizing up the Target
      • Vulnerability Tools
        • Nessus
        • Nikto: An Open-Source Vulnerability Scanner
        • Acunetix
        • NMAP
        • Wireshark
        • Ping Sweep
        • Firewalk
        • Angry IP Scanner
        • Digital Graffiti versus Real Attacks
      • Finding Targets to Attack
      • What Do I Do Then?
      • Countermeasures
        • But What If My Host Won't Cooperate?
        • What If My Website Is Broken into and Defaced?
        • What If a Rootkit Has Been Placed on My Server?
      • Closing Words
      • Summary
    • 7. php.ini and .htaccess
      • .htaccess
        • Bandwidth Preservation
        • Disable the Server Signature
        • Prevent Access to .htaccess
        • Prevent Access to Any File
        • Prevent Access to Multiple File Types
        • Prevent Unauthorized Directory Browsing
        • Disguise Script Extensions
        • Limit Access to the Local Area Network (LAN)
        • Secure Directories by IP and/or Domain
        • Deny or Allow Domain Access for IP Range
        • Stop Hotlinking, Serve Alternate Content
        • Block Robots, Site Rippers, Offline Browsers, and Other Evils
          • More Stupid Blocking Tricks
        • Password-Protect Files, Directories, and More
          • Protecting Your Development Site until it's Ready
        • Activating SSL via .htaccess
        • Automatically CHMOD Various File Types
        • Limit File Size to Protect Against Denial-of-Service Attacks
        • Deploy Custom Error Pages
        • Provide a Universal Error Document
        • Prevent Access During Specified Time Periods
        • Redirect String Variations to a Specific Address
        • Disable magic_quotes_gpc for PHP-Enabled Servers
      • php.ini
        • But What is the php.ini File?
        • How php.ini is Read
              • Machine Information
      • Summary
    • 8. Log Files
      • What are Log Files, Exactly?
      • Learning to Read the Log
        • What about this?
        • Status Codes for HTTP 1.1
      • Log File Analysis
        • User Agent Strings
        • Blocking the IP Range of Countries
        • Where Did They Come From?
      • Care and Feeding of Your Log Files
        • Steps to Care of Your Log Files
      • Tools to Review Your Log Files
        • BSQ-SiteStats
        • JoomlaWatch
        • AWStats
      • Summary
    • 9. SSL for Your Joomla! Site
      • What is SSL/TLS?
        • Using SSL to Establish a Secret Session
          • Establishing an SSL Session
        • Certificates of Authenticity
        • Certificate Obtainment
      • Process Steps for SSL
        • Joomla! SSL
              • Joomla! SSL Method
      • Performance Considerations
      • Other Resources
      • Summary
    • 10. Incident Management
      • Creating an Incident Response Policy
      • Developing Procedures Based on Policy to Respond to Incidents
        • Handling an Incident
        • Communicating with Outside Parties Regarding Incidents
        • Selecting a Team Structure
      • Summary
    • A. Security Handbook
      • Security Handbook Reference
      • General Information
        • Preparing Your Tool Kit
        • Backup Tools
        • Assistance Checklist
        • Daily Operations
        • Basic Security Checklist
      • Tools
        • Nmap
        • Telnet
        • FTP
        • Virus Scanning
        • JCheck
        • Joomla! Tools Suite
        • Tools for Firefox Users
          • Netstat
          • Wireshark
          • Nessus
      • Ports
              • WELL-KNOWN PORT NUMBERS
              • Ports used by Backdoor Tools
      • Logs
        • Apache Status Codes
        • Common Log Format
        • Country Information: Top-Level Domain Codes
      • List of Critical Settings
        • .htaccess
        • php. ini
          • References to Learn More about php.ini
      • General Apache Information
      • List of Ports
      • Summary
    • Index
  • Titel: Joomla! Web Security. Secure your Joomla! website from common security threats with this easy-to-use guide
  • Autor: Chris Davenport, Tom Canavan
  • Originaler Titel: Joomla! Web Security. Secure your Joomla! website from common security threats with this easy-to-use guide
  • ISBN: 9781847194893, 9781847194893
  • Veröffentlichungsdatum: 2008-10-15
  • Format: E-book
  • Artikelkennung: e_3b30
  • Verleger: Packt Publishing