Joomla! Web Security. Secure your Joomla! website from common security threats with this easy-to-use guide - E-book - Chris Davenport, Tom Canavan - Moderne lernplattform

Kategorien

Details zum E-Book

Einloggen, wenn Sie am Inhalt des Artikels interessiert sind.

Joomla! Web Security. Secure your Joomla! website from common security threats with this easy-to-use guide

Chris Davenport, Tom Canavan

E-book

Joomla! Web Security
- Table of Contents
- Joomla! Web Security
- Credits
- About the Author
- About the Reviewer
- Preface
  - What This Book Covers
  - Who is This Book For
  - Conventions
  - Reader Feedback
  - Customer Support
    - Downloading the Example Code for the Book
    - Errata
    - Piracy
    - Questions
- 1. Lets Get Started
  - Introduction
  - Common Terminology
  - HostingSelection and Unique Needs
    - What Is a Host?
    - Choosing a Host
    - Questions to Ask a Prospective Host
    - Facilities
    - Things to Ask Your Host about Facility Security
    - Environmental Questions about the Facility
    - Site Monitoring and Protection
    - Patching and Security
    - Shared Hosting
    - Dedicated Hosting
  - Architecting for a Successful Site
    - What Is the Purpose of Your Site?
    - Eleven Steps to Successful Site Architecture
  - Downloading Joomla!
    - Settings
  - .htaccess
  - Permissions
    - User Management
  - Common Trip Ups
    - Failure to Check Vulnerability List First
      - Register Globals, Again
      - Permissions
      - Poor Documentation
      - Got Backups?
  - Setting Up Security Metrics
    - - Establishing a Baseline
        
        Server Security Metrics
        
        Personal Computing Security Metrics
        
        Incident ReportingForums and Host
  - Summary
- 2. Test and Development
  - Welcome to the Laboratory!
    - Test and Development Environment
    - What Does This Have to Do with Security?
    - The Evil Hamster Wheel of Upgrades
      - Determine the Need for Upgrade
    - Developing Your Test Plan
      - Essential Parameters for a Successful Test
        
        Purpose of This Test
    - Using Your Test and Development Site for Disaster Planning
      - Updating Your Disaster Recovery Documentation
      - Make DR Testing a Part of Your Upgrade/Rollout Cycle
    - Crafting Good Documentation
    - Using a Software Development Management System
      - Tour of Lighthouse from Artifact Software
  - Reporting
  - Using the Ravenswood Joomla! Server
    - Roll-out
  - Summary
- 3. Tools
  - Introduction
  - Tools, Tools, and More Tools
    - HISA
      - Installation Check
      - Web-Server Environment
      - Required Settings for Joomla!
      - Recommended Settings
    - Joomla Tools Suite with Services
    - How's Our Health?
    - NMAPNetwork Mapping Tool from insecure.org
    - Wireshark
    - MetasploitThe Penetration Testers Tool Set
    - Nessus Vulnerability Scanner
      - Why You Need Nessus
  - Summary
- 4. Vulnerabilities
  - Introduction
  - Importance of Patching is Paramount
  - What is a Vulnerability?
    - Memory Corruption Vulnerabilities
    - SQL Injections
    - Command Injection Attacks
      - Attack Example
    - Why do Vulnerabilities Exist?
    - What Can be Done to Prevent Vulnerabilities?
      - Developers
      - Poor Testing and Planning
    - Forbidden
    - Improper Variable Sanitization and Dangerous Inputs
    - Not Testing in a Broad Enough Environment
    - Testing for Various Versions of SQL
    - Interactions with Other Third-Party Extensions
  - End Users
    - Social Engineering
    - Poor Patching and Updating
  - Summary
- 5. Anatomy of Attacks
  - Introduction
  - SQL Injections
    - Testing for SQL Injections
    - A Few Methods to Prevent SQL Injections
    - And According to PHP.NET
  - Remote File Includes
    - The Most Basic Attempt
    - What Can We Do to Stop This?
      - I'm Using Joomla 1.5 so I'm Safe!
    - Preventing RFI Attacks
  - Summary
- 6. How the Bad Guys Do It
  - Laws on the Books
  - Acquiring Target
  - Sizing up the Target
  - Vulnerability Tools
    - Nessus
    - Nikto: An Open-Source Vulnerability Scanner
    - Acunetix
    - NMAP
    - Wireshark
    - Ping Sweep
    - Firewalk
    - Angry IP Scanner
    - Digital Graffiti versus Real Attacks
  - Finding Targets to Attack
  - What Do I Do Then?
  - Countermeasures
    - But What If My Host Won't Cooperate?
    - What If My Website Is Broken into and Defaced?
    - What If a Rootkit Has Been Placed on My Server?
  - Closing Words
  - Summary
- 7. php.ini and .htaccess
  - .htaccess
    - Bandwidth Preservation
    - Disable the Server Signature
    - Prevent Access to .htaccess
    - Prevent Access to Any File
    - Prevent Access to Multiple File Types
    - Prevent Unauthorized Directory Browsing
    - Disguise Script Extensions
    - Limit Access to the Local Area Network (LAN)
    - Secure Directories by IP and/or Domain
    - Deny or Allow Domain Access for IP Range
    - Stop Hotlinking, Serve Alternate Content
    - Block Robots, Site Rippers, Offline Browsers, and Other Evils
      - More Stupid Blocking Tricks
    - Password-Protect Files, Directories, and More
      - Protecting Your Development Site until it's Ready
    - Activating SSL via .htaccess
    - Automatically CHMOD Various File Types
    - Limit File Size to Protect Against Denial-of-Service Attacks
    - Deploy Custom Error Pages
    - Provide a Universal Error Document
    - Prevent Access During Specified Time Periods
    - Redirect String Variations to a Specific Address
    - Disable magic_quotes_gpc for PHP-Enabled Servers
  - php.ini
    - But What is the php.ini File?
    - How php.ini is Read
      - Machine Information
  - Summary
- 8. Log Files
  - What are Log Files, Exactly?
  - Learning to Read the Log
    - What about this?
    - Status Codes for HTTP 1.1
  - Log File Analysis
    - User Agent Strings
    - Blocking the IP Range of Countries
    - Where Did They Come From?
  - Care and Feeding of Your Log Files
    - Steps to Care of Your Log Files
  - Tools to Review Your Log Files
    - BSQ-SiteStats
    - JoomlaWatch
    - AWStats
  - Summary
- 9. SSL for Your Joomla! Site
  - What is SSL/TLS?
    - Using SSL to Establish a Secret Session
      - Establishing an SSL Session
    - Certificates of Authenticity
    - Certificate Obtainment
  - Process Steps for SSL
    - Joomla! SSL
      - Joomla! SSL Method
  - Performance Considerations
  - Other Resources
  - Summary
- 10. Incident Management
  - Creating an Incident Response Policy
  - Developing Procedures Based on Policy to Respond to Incidents
    - Handling an Incident
    - Communicating with Outside Parties Regarding Incidents
    - Selecting a Team Structure
  - Summary
- A. Security Handbook
  - Security Handbook Reference
  - General Information
    - Preparing Your Tool Kit
    - Backup Tools
    - Assistance Checklist
    - Daily Operations
    - Basic Security Checklist
  - Tools
    - Nmap
    - Telnet
    - FTP
    - Virus Scanning
    - JCheck
    - Joomla! Tools Suite
    - Tools for Firefox Users
      - Netstat
      - Wireshark
      - Nessus
  - Ports
    - - WELL-KNOWN PORT NUMBERS
        
        Ports used by Backdoor Tools
  - Logs
    - Apache Status Codes
    - Common Log Format
    - Country Information: Top-Level Domain Codes
  - List of Critical Settings
    - .htaccess
    - php. ini
      - References to Learn More about php.ini
  - General Apache Information
  - List of Ports
  - Summary
- Index

Titel: Joomla! Web Security. Secure your Joomla! website from common security threats with this easy-to-use guide
Autor: Chris Davenport, Tom Canavan
Originaler Titel: Joomla! Web Security. Secure your Joomla! website from common security threats with this easy-to-use guide
ISBN: 9781847194893, 9781847194893
Veröffentlichungsdatum: 2008-10-15
Format: E-book
Artikelkennung: e_3b30
Verleger: Packt Publishing

wählen sie eine sprache

Kategorien

Details zum E-Book