Joomla! Web Security. Secure your Joomla! website from common security threats with this easy-to-use guide - Helion
ebook
Author: Chris Davenport, Tom Canavan. Original title: Joomla! Web Security. Secure your Joomla! website from common security threats with this easy-to-use guide
ISBN: 9781847194893
Pages: 264, Format: ebook
Publication date: 2008-10-15
Bookstore: Helion
Book price: 129,00 zł
Table of Contents
- Joomla! Web Security
- Table of Contents
- Joomla! Web Security
- Credits
- About the Author
- About the Reviewer
- Preface
- What This Book Covers
- Who is This Book For
- Conventions
- Reader Feedback
- Customer Support
- Downloading the Example Code for the Book
- Errata
- Piracy
- Questions
- 1. Let's Get Started
- Introduction
- Common Terminology
- Hosting: Selection and Unique Needs
- What Is a Host?
- Choosing a Host
- Questions to Ask a Prospective Host
- Facilities
- Things to Ask Your Host about Facility Security
- Environmental Questions about the Facility
- Site Monitoring and Protection
- Patching and Security
- Shared Hosting
- Dedicated Hosting
- Architecting for a Successful Site
- What Is the Purpose of Your Site?
- Eleven Steps to Successful Site Architecture
- Downloading Joomla!
- Settings
- .htaccess
- Permissions
- User Management
- Common Trip Ups
- Failure to Check Vulnerability List First
- Register Globals, Again
- Permissions
- Poor Documentation
- Got Backups?
- Setting Up Security Metrics
- Establishing a Baseline
- Server Security Metrics
- Personal Computing Security Metrics
- Incident Reporting: Forums and Host
- Summary
- 2. Test and Development
- Welcome to the Laboratory!
- Test and Development Environment
- What Does This Have to Do with Security?
- The Evil Hamster Wheel of Upgrades
- Determine the Need for Upgrade
- Developing Your Test Plan
- Essential Parameters for a Successful Test
- Purpose of This Test
- Using Your Test and Development Site for Disaster Planning
- Updating Your Disaster Recovery Documentation
- Make DR Testing a Part of Your Upgrade/Rollout Cycle
- Crafting Good Documentation
- Using a Software Development Management System
- Tour of Lighthouse from Artifact Software
- Reporting
- Using the Ravenswood Joomla! Server
- Roll-out
- Summary
- 3. Tools
- Introduction
- Tools, Tools, and More Tools
- HISA
- Installation Check
- Web-Server Environment
- Required Settings for Joomla!
- Recommended Settings
- Joomla Tools Suite with Services
- How's Our Health?
- NMAP: Network Mapping Tool from insecure.org
- Wireshark
- Metasploit: The Penetration Tester's Tool Set
- Nessus Vulnerability Scanner
- Why You Need Nessus
- Summary
- 4. Vulnerabilities
- Introduction
- Importance of Patching is Paramount
- What is a Vulnerability?
- Memory Corruption Vulnerabilities
- SQL Injections
- Command Injection Attacks
- Attack Example
- Why do Vulnerabilities Exist?
- What Can be Done to Prevent Vulnerabilities?
- Developers
- Poor Testing and Planning
- Forbidden
- Improper Variable Sanitization and Dangerous Inputs
- Not Testing in a Broad Enough Environment
- Testing for Various Versions of SQL
- Interactions with Other Third-Party Extensions
- End Users
- Social Engineering
- Poor Patching and Updating
- Summary
- 5. Anatomy of Attacks
- Introduction
- SQL Injections
- Testing for SQL Injections
- A Few Methods to Prevent SQL Injections
- And According to PHP.NET
- Remote File Includes
- The Most Basic Attempt
- What Can We Do to Stop This?
- I'm Using Joomla 1.5 so I'm Safe!
- Preventing RFI Attacks
- Summary
- 6. How the Bad Guys Do It
- Laws on the Books
- Acquiring Target
- Sizing up the Target
- Vulnerability Tools
- Nessus
- Nikto: An Open-Source Vulnerability Scanner
- Acunetix
- NMAP
- Wireshark
- Ping Sweep
- Firewalk
- Angry IP Scanner
- Digital Graffiti versus Real Attacks
- Finding Targets to Attack
- What Do I Do Then?
- Countermeasures
- But What If My Host Won't Cooperate?
- What If My Website Is Broken into and Defaced?
- What If a Rootkit Has Been Placed on My Server?
- Closing Words
- Summary
- 7. php.ini and .htaccess
- .htaccess
- Bandwidth Preservation
- Disable the Server Signature
- Prevent Access to .htaccess
- Prevent Access to Any File
- Prevent Access to Multiple File Types
- Prevent Unauthorized Directory Browsing
- Disguise Script Extensions
- Limit Access to the Local Area Network (LAN)
- Secure Directories by IP and/or Domain
- Deny or Allow Domain Access for IP Range
- Stop Hotlinking, Serve Alternate Content
- Block Robots, Site Rippers, Offline Browsers, and Other Evils
- More Stupid Blocking Tricks
- Password-Protect Files, Directories, and More
- Protecting Your Development Site until it's Ready
- Activating SSL via .htaccess
- Automatically CHMOD Various File Types
- Limit File Size to Protect Against Denial-of-Service Attacks
- Deploy Custom Error Pages
- Provide a Universal Error Document
- Prevent Access During Specified Time Periods
- Redirect String Variations to a Specific Address
- Disable magic_quotes_gpc for PHP-Enabled Servers
- php.ini
- But What is the php.ini File?
- How php.ini is Read
- Machine Information
- Summary
- 8. Log Files
- What are Log Files, Exactly?
- Learning to Read the Log
- What about this?
- Status Codes for HTTP 1.1
- Log File Analysis
- User Agent Strings
- Blocking the IP Range of Countries
- Where Did They Come From?
- Care and Feeding of Your Log Files
- Steps to Care of Your Log Files
- Tools to Review Your Log Files
- BSQ-SiteStats
- JoomlaWatch
- AWStats
- Summary
- 9. SSL for Your Joomla! Site
- What is SSL/TLS?
- Using SSL to Establish a Secret Session
- Establishing an SSL Session
- Certificates of Authenticity
- Certificate Obtainment
- Process Steps for SSL
- Joomla! SSL
- Joomla! SSL Method
- Performance Considerations
- Other Resources
- Summary
- 10. Incident Management
- Creating an Incident Response Policy
- Developing Procedures Based on Policy to Respond to Incidents
- Handling an Incident
- Communicating with Outside Parties Regarding Incidents
- Selecting a Team Structure
- Summary
- A. Security Handbook
- Security Handbook Reference
- General Information
- Preparing Your Tool Kit
- Backup Tools
- Assistance Checklist
- Daily Operations
- Basic Security Checklist
- Tools
- Nmap
- Telnet
- FTP
- Virus Scanning
- JCheck
- Joomla! Tools Suite
- Tools for Firefox Users
- Netstat
- Wireshark
- Nessus
- Ports
- WELL-KNOWN PORT NUMBERS
- Ports used by Backdoor Tools
- Logs
- Apache Status Codes
- Common Log Format
- Country Information: Top-Level Domain Codes
- List of Critical Settings
- .htaccess
- php.ini
- References to Learn More about php.ini
- General Apache Information
- List of Ports
- Summary
- Index