Joomla! Web Security Table Of Contents


Table of Contents

Preface
Chapter 1: Let's Get Started
Chapter 2: Test and Development
Chapter 3: Tools
Chapter 4: Vulnerabilities
Chapter 5: Anatomy of Attacks
Chapter 6: How the Bad Guys Do It
Chapter 7: php.ini and .htaccess
Chapter 8: Log Files
Chapter 9: SSL for Your Joomla! Site
Chapter 10: Incident Management
Appendix: Security Handbook
Index

  • Chapter 1: Let's Get Started
    • Introduction
    • Common Terminology
    • Hosting—Selection and Unique Needs
      • What Is a Host?
      • Choosing a Host
      • Questions to Ask a Prospective Host
      • Facilities
      • Things to Ask Your Host about Facility Security
      • Environmental Questions about the Facility
      • Site Monitoring and Protection
      • Patching and Security
      • Shared Hosting
      • Dedicated Hosting
    • Architecting for a Successful Site
      • What Is the Purpose of Your Site?
      • Eleven Steps to Successful Site Architecture
    • Downloading Joomla!
      • Settings
    • .htaccess
    • Permissions
      • User Management
    • Common Trip Ups
      • Failure to Check Vulnerability List First
      • Register Globals, Again
      • Permissions
      • Poor Documentation
      • Got Backups?
  • Setting Up Security Metrics
  • Summary
  • Chapter 2: Test and Development
    • Welcome to the Laboratory!
      • Test and Development Environment
      • What Does This Have to Do with Security?
      • The Evil Hamster Wheel of Upgrades
        • Determine the Need for Upgrade
      • Developing Your Test Plan
        • Essential Parameters for a Successful Test
      • Using Your Test and Development Site for Disaster Planning
        • Updating Your Disaster Recovery Documentation
        • Make DR Testing a Part of Your Upgrade/Rollout Cycle
      • Crafting Good Documentation
      • Using a Software Development Management System
        • Tour of Lighthouse from Artifact Software
    • Reporting
    • Using the Ravenswood Joomla! Server
      • Roll-out
    • Summary
  • Chapter 3: Tools
    • Introduction
    • Tools, Tools, and More Tools
      • HISA
        • Installation Check
        • Web-Server Environment
        • Required Settings for Joomla!
        • Recommended Settings
      • Joomla Tools Suite with Services
      • How's Our Health?
      • NMAP—Network Mapping Tool from insecure.org
      • Wireshark
      • Metasploit—The Penetration Testers Tool Set
      • Nessus Vulnerability Scanner
        • Why You Need Nessus
    • Summary
  • Chapter 4: Vulnerabilities
    • Introduction
    • Importance of Patching is Paramount
    • What is a Vulnerability?
      • Memory Corruption Vulnerabilities
      • SQL Injections
      • Command Injection Attacks
        • Attack Example
      • Why do Vulnerabilities Exist?
      • What Can be Done to Prevent Vulnerabilities?
        • Developers
        • Poor Testing and Planning
      • Forbidden
      • Improper Variable Sanitization and Dangerous Inputs
      • Not Testing in a Broad Enough Environment
      • Testing for Various Versions of SQL
      • Interactions with Other Third-Party Extensions
    • End Users
      • Social Engineering
      • Poor Patching and Updating
    • Summary
  • Chapter 5: Anatomy of Attacks
    • Introduction
    • SQL Injections
      • Testing for SQL Injections
      • A Few Methods to Prevent SQL Injections
      • And According to PHP.NET
    • Remote File Includes
      • The Most Basic Attempt
      • What Can We Do to Stop This?
      • Preventing RFI Attacks
    • Summary
  • Chapter 6: How the Bad Guys Do It
    • Laws on the Books
    • Acquiring Target
    • Sizing up the Target
    • Vulnerability Tools
      • Nessus
      • Nikto: An Open-Source Vulnerability Scanner
      • Acunetix
      • NMAP
      • Wireshark
      • Ping Sweep
      • Firewalk
      • Angry IP Scanner
      • Digital Graffiti versus Real Attacks
    • Finding Targets to Attack
    • What Do I Do Then?
    • Countermeasures
      • But What If My Host Won't Cooperate?
      • What If My Website Is Broken into and Defaced?
      • What If a Rootkit Has Been Placed on My Server?
    • Closing Words
    • Summary
  • Chapter 7: php.ini and .htaccess
    • .htaccess
      • Bandwidth Preservation
      • Disable the Server Signature
      • Prevent Access to .htaccess
      • Prevent Access to Any File
      • Prevent Access to Multiple File Types
      • Prevent Unauthorized Directory Browsing
      • Disguise Script Extensions
      • Limit Access to the Local Area Network (LAN)
      • Secure Directories by IP and/or Domain
      • Deny or Allow Domain Access for IP Range
      • Stop Hotlinking, Serve Alternate Content
      • Block Robots, Site Rippers, Offline Browsers, and Other Evils
        • More Stupid Blocking Tricks
      • Password-Protect Files, Directories, and More
        • Protecting Your Development Site until it's Ready
      • Activating SSL via .htaccess
      • Automatically CHMOD Various File Types
      • Limit File Size to Protect Against Denial-of-Service Attacks
      • Deploy Custom Error Pages
      • Provide a Universal Error Document
      • Prevent Access During Specified Time Periods
      • Redirect String Variations to a Specific Address
      • Disable magic_quotes_gpc for PHP-Enabled Servers
    • php.ini
      • But What is the php.ini File?
      • How php.ini is Read
    • Summary
  • Chapter 8: Log Files
    • What are Log Files, Exactly?
    • Learning to Read the Log
      • What about this?
      • Status Codes for HTTP 1.1
    • Log File Analysis
      • User Agent Strings
      • Blocking the IP Range of Countries
      • Where Did They Come From?
    • Care and Feeding of Your Log Files
      • Steps to Care of Your Log Files
    • Tools to Review Your Log Files
      • BSQ-SiteStats
      • JoomlaWatch
      • AWStats
    • Summary
  • Chapter 9: SSL for Your Joomla! Site
    • What is SSL/TLS?
      • Using SSL to Establish a Secret Session
        • Establishing an SSL Session
      • Certificates of Authenticity
      • Certificate Obtainment
    • Process Steps for SSL
      • Joomla! SSL
    • Performance Considerations
    • Other Resources
    • Summary
  • Chapter 10: Incident Management
    • Creating an Incident Response Policy
    • Developing Procedures Based on Policy to Respond to Incidents
      • Handling an Incident
      • Communicating with Outside Parties Regarding Incidents
      • Selecting a Team Structure
    • Summary
  • Appendix: Security Handbook
    • Security Handbook Reference
    • General Information
      • Preparing Your Tool Kit
      • Backup Tools
      • Assistance Checklist
      • Daily Operations
      • Basic Security Checklist
    • Tools
      • Nmap
      • Telnet
      • FTP
      • Virus Scanning
      • JCheck
      • Joomla! Tools Suite
      • Tools for Firefox Users
        • Netstat
        • Wireshark
        • Nessus
    • Ports
    • Logs
      • Apache Status Codes
      • Common Log Format
      • Country Information: Top-Level Domain Codes
    • List of Critical Settings
      • .htaccess
      • php. ini
        • References to Learn More about php.ini
    • General Apache Information
    • List of Ports
    • Summary

Book backreference: 
Code Download and Errata
Packt Anytime, Anywhere
Register Books
Print Upgrades
eBook Downloads
Video Support
Contact Us
Awards Voting Nominations Previous Winners
Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
Resources
Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software

All Books (1892)

Latest Releases

Video (44)

Application Development (247)

Big Data and Business Intelligence (140)

CMS and eCommerce (233)

Enterprise Products and Platforms (323)

Game Development (106)

Instant (224)

Mobile Application Development (84)

Networking and Servers (141)

Other (234)

Virtualization and Cloud (58)

Web Development (347)