Деталі електронної книги

Joomla! Web Security. Secure your Joomla! website from common security threats with this easy-to-use guide

Joomla! Web Security. Secure your Joomla! website from common security threats with this easy-to-use guide

Tom Canavan

EЛЕКТРОННА КНИГА
Купуйте видання на ebookpoint.pl
This book will give you a strong, hands-on approach to security. It starts out with the most basic of considerations such as choosing the right hosting sites then moves quickly into securing the Joomla! site and servers. This is a security handbook for Joomla! sites. It is an easy-to-use guide that will take you step by step into the world of secured websites. This book is a must-read for anyone seriously using Joomla! for any kind of business, ranging from small retailers to larger businesses. With this book they will be able to secure their sites, understand the attackers, and more, without the drudging task of looking up in forums, only to be flamed, or not even find the answers. Prior knowledge of Joomla! is expected but no prior knowledge of securing websites is needed for this book. The reader will gain a moderate to strong level of knowledge on strengthening their sites against hackers.
  • Joomla! Web Security
    • Table of Contents
    • Joomla! Web Security
    • Credits
    • About the Author
    • About the Reviewer
    • Preface
      • What This Book Covers
      • Who is This Book For
      • Conventions
      • Reader Feedback
      • Customer Support
        • Downloading the Example Code for the Book
        • Errata
        • Piracy
        • Questions
    • 1. Lets Get Started
      • Introduction
      • Common Terminology
      • HostingSelection and Unique Needs
        • What Is a Host?
        • Choosing a Host
        • Questions to Ask a Prospective Host
        • Facilities
        • Things to Ask Your Host about Facility Security
        • Environmental Questions about the Facility
        • Site Monitoring and Protection
        • Patching and Security
        • Shared Hosting
        • Dedicated Hosting
      • Architecting for a Successful Site
        • What Is the Purpose of Your Site?
        • Eleven Steps to Successful Site Architecture
      • Downloading Joomla!
        • Settings
      • .htaccess
      • Permissions
        • User Management
      • Common Trip Ups
        • Failure to Check Vulnerability List First
          • Register Globals, Again
          • Permissions
          • Poor Documentation
          • Got Backups?
      • Setting Up Security Metrics
              • Establishing a Baseline
              • Server Security Metrics
              • Personal Computing Security Metrics
              • Incident ReportingForums and Host
      • Summary
    • 2. Test and Development
      • Welcome to the Laboratory!
        • Test and Development Environment
        • What Does This Have to Do with Security?
        • The Evil Hamster Wheel of Upgrades
          • Determine the Need for Upgrade
        • Developing Your Test Plan
          • Essential Parameters for a Successful Test
              • Purpose of This Test
        • Using Your Test and Development Site for Disaster Planning
          • Updating Your Disaster Recovery Documentation
          • Make DR Testing a Part of Your Upgrade/Rollout Cycle
        • Crafting Good Documentation
        • Using a Software Development Management System
          • Tour of Lighthouse from Artifact Software
      • Reporting
      • Using the Ravenswood Joomla! Server
        • Roll-out
      • Summary
    • 3. Tools
      • Introduction
      • Tools, Tools, and More Tools
        • HISA
          • Installation Check
          • Web-Server Environment
          • Required Settings for Joomla!
          • Recommended Settings
        • Joomla Tools Suite with Services
        • How's Our Health?
        • NMAPNetwork Mapping Tool from insecure.org
        • Wireshark
        • MetasploitThe Penetration Testers Tool Set
        • Nessus Vulnerability Scanner
          • Why You Need Nessus
      • Summary
    • 4. Vulnerabilities
      • Introduction
      • Importance of Patching is Paramount
      • What is a Vulnerability?
        • Memory Corruption Vulnerabilities
        • SQL Injections
        • Command Injection Attacks
          • Attack Example
        • Why do Vulnerabilities Exist?
        • What Can be Done to Prevent Vulnerabilities?
          • Developers
          • Poor Testing and Planning
        • Forbidden
        • Improper Variable Sanitization and Dangerous Inputs
        • Not Testing in a Broad Enough Environment
        • Testing for Various Versions of SQL
        • Interactions with Other Third-Party Extensions
      • End Users
        • Social Engineering
        • Poor Patching and Updating
      • Summary
    • 5. Anatomy of Attacks
      • Introduction
      • SQL Injections
        • Testing for SQL Injections
        • A Few Methods to Prevent SQL Injections
        • And According to PHP.NET
      • Remote File Includes
        • The Most Basic Attempt
        • What Can We Do to Stop This?
              • I'm Using Joomla 1.5 so I'm Safe!
        • Preventing RFI Attacks
      • Summary
    • 6. How the Bad Guys Do It
      • Laws on the Books
      • Acquiring Target
      • Sizing up the Target
      • Vulnerability Tools
        • Nessus
        • Nikto: An Open-Source Vulnerability Scanner
        • Acunetix
        • NMAP
        • Wireshark
        • Ping Sweep
        • Firewalk
        • Angry IP Scanner
        • Digital Graffiti versus Real Attacks
      • Finding Targets to Attack
      • What Do I Do Then?
      • Countermeasures
        • But What If My Host Won't Cooperate?
        • What If My Website Is Broken into and Defaced?
        • What If a Rootkit Has Been Placed on My Server?
      • Closing Words
      • Summary
    • 7. php.ini and .htaccess
      • .htaccess
        • Bandwidth Preservation
        • Disable the Server Signature
        • Prevent Access to .htaccess
        • Prevent Access to Any File
        • Prevent Access to Multiple File Types
        • Prevent Unauthorized Directory Browsing
        • Disguise Script Extensions
        • Limit Access to the Local Area Network (LAN)
        • Secure Directories by IP and/or Domain
        • Deny or Allow Domain Access for IP Range
        • Stop Hotlinking, Serve Alternate Content
        • Block Robots, Site Rippers, Offline Browsers, and Other Evils
          • More Stupid Blocking Tricks
        • Password-Protect Files, Directories, and More
          • Protecting Your Development Site until it's Ready
        • Activating SSL via .htaccess
        • Automatically CHMOD Various File Types
        • Limit File Size to Protect Against Denial-of-Service Attacks
        • Deploy Custom Error Pages
        • Provide a Universal Error Document
        • Prevent Access During Specified Time Periods
        • Redirect String Variations to a Specific Address
        • Disable magic_quotes_gpc for PHP-Enabled Servers
      • php.ini
        • But What is the php.ini File?
        • How php.ini is Read
              • Machine Information
      • Summary
    • 8. Log Files
      • What are Log Files, Exactly?
      • Learning to Read the Log
        • What about this?
        • Status Codes for HTTP 1.1
      • Log File Analysis
        • User Agent Strings
        • Blocking the IP Range of Countries
        • Where Did They Come From?
      • Care and Feeding of Your Log Files
        • Steps to Care of Your Log Files
      • Tools to Review Your Log Files
        • BSQ-SiteStats
        • JoomlaWatch
        • AWStats
      • Summary
    • 9. SSL for Your Joomla! Site
      • What is SSL/TLS?
        • Using SSL to Establish a Secret Session
          • Establishing an SSL Session
        • Certificates of Authenticity
        • Certificate Obtainment
      • Process Steps for SSL
        • Joomla! SSL
              • Joomla! SSL Method
      • Performance Considerations
      • Other Resources
      • Summary
    • 10. Incident Management
      • Creating an Incident Response Policy
      • Developing Procedures Based on Policy to Respond to Incidents
        • Handling an Incident
        • Communicating with Outside Parties Regarding Incidents
        • Selecting a Team Structure
      • Summary
    • A. Security Handbook
      • Security Handbook Reference
      • General Information
        • Preparing Your Tool Kit
        • Backup Tools
        • Assistance Checklist
        • Daily Operations
        • Basic Security Checklist
      • Tools
        • Nmap
        • Telnet
        • FTP
        • Virus Scanning
        • JCheck
        • Joomla! Tools Suite
        • Tools for Firefox Users
          • Netstat
          • Wireshark
          • Nessus
      • Ports
              • WELL-KNOWN PORT NUMBERS
              • Ports used by Backdoor Tools
      • Logs
        • Apache Status Codes
        • Common Log Format
        • Country Information: Top-Level Domain Codes
      • List of Critical Settings
        • .htaccess
        • php. ini
          • References to Learn More about php.ini
      • General Apache Information
      • List of Ports
      • Summary
    • Index
  • Назва:Joomla! Web Security. Secure your Joomla! website from common security threats with this easy-to-use guide
  • Автор:Tom Canavan
  • Оригінальна назва:Joomla! Web Security. Secure your Joomla! website from common security threats with this easy-to-use guide
  • ISBN:9781847194893, 9781847194893
  • Дата видання:2008-10-15
  • Формат:Eлектронна книга
  • Ідентифікатор видання: e_3b30
  • Видавець: Packt Publishing