1 мая 2009 | Автор: Admin | Рубрика: Компьютерная литература » Програм-ние и разработка » PHP | Комментариев: 0
Joomla! Web Security
Packt Publishing Limited | October 2008 | ISBN: 1847194885 | 264 pages | PDF | 7.66 MB
Joomla! is one of the most powerful open-source content management systems used to build websites and other powerful online applications. While Joomla! itself is inherently safe, misconfigurations, vulnerable components, poorly configured hosts, and weak passwords can all contribute to the downfall of your site. So, you need to know how to secure your website from security threats.
Today every website needs to take security into consideration. Using the knowledge here, your Joomla! site can be ahead of the security threats so prevalent today.
This book will take you all the way from the most basic steps of preparation to the nuts and bolts of actual protection. It is packed full of relevant and real-world topics such as security tools, configuration suggestions, setting up your test and development environment, reading and interpreting log files, and techniques used by bad hackers on the Internet. In addition to this you will learn how to respond to a site emergency should one occur and how to collect the evidence needed to pursue law enforcement action. This book covers Joomla! 1.0.x as well as 1.5.x.
The book provides a concise overview of all the parts needed to construct a defence-in-depth strategy for your Joomla! site. At the end of the book you will have a solid security foundation to take your Joomla! website to a higher level of security than the basic site setup.
Read the full Table of Contents for Joomla! Web Security
What you will learn from this book
This book covers:
* Implementing steps for successful Joomla! website architecture
* Setting up metrics to measure security
* Exploring the test and development environment; developing your test plan to make sure everything will work as planned
* Utilizing your test and development site for disaster recovery
* Measuring the performance of your software development projects using a software development management system
* Exploring several tools to help protect your website
* Diving into security vulnerabilities: why they exist; some typical counter measures
* Exploring SQL Injections – how they can hurt you and how to prevent them
* Mastering the two important security layers – php.ini and .htaccess
* Reading and analyzing logs relevant to protecting your Joomla! site
* Handling Security Incidents in a professional manner
* Blocking nuisance IP addresses
Here is the brief summary of what each chapter talks about:
Introduction – This is an introduction to the concepts of security for your Joomla! site. In this section, we introduce the reader to concepts, tools, and ideas.
Chapter 1: Let's Get Started – This foundational chapter gets the reader ready by reviewing terminology, understanding hosting companies and how to select. Learning to architect Joomla correctly at the first, where to download Joomla, its important settings, permissions and trip ups and lastly setting up metrics for security.
Chapter 2: Setting up a Test and Development Environment – Once you have your site planned, setting up a test and development environment allows you to make sure each extension will work together as planned. This chapter gives the reader a methodology to effectively set up and use a test/dev environment, with a review of a great tool, Lighthouse™, for software development project management.
Chapter 3: Tools sets to protect – There are a few key tools every Joomla administrator should have in their security arsenal. This chapter covers the tools used to protect your site.
Chapter 4: Introduction to Vulnerabilities – What is a vulnerability? It is anything that can be used against you to hurt your site. This chapter introduces some common vulnerabilities and how they work.
Chapter 5: Anatomy of Attacks – Specific attacks such as SQL Injections are discussed here, with live examples of code used to attack sites, kiddie-scripts, and other more advanced attacks.
Chapter 6: How the Bad Guys Do It – Do you ever wonder what tools the bad guys use? This chapter covers some of the commonly available tools, and how they are used against you.
Chapter 7: PHP.INI and .HTACCESS – This chapter details out the two important safeguards to your infrastructure. It offers a detailed view with code samples of each of these critical files.
Chapter 8: Log Files – Without a doubt, log files are the first, best indication of a coming attack, yet many administrators do no know how to interpret these critical files, or worse yet, ignore them. This chapter will teach the reader how to read log files and take care of them for forensic purposes.
Chapter 9: SSL – SSL is the guardian of e-commerce on the Internet. In this chapter you will learn how SSL works, where to obtain a certificate, and how to implement it in your Joomla! site.
Chapter 10: Best Practices for Incident Management – Even the best laid plans go astray. If a site is actually hit, you have an incident to handle; this chapter will educate you on some best practices for handling the incident in an effective manner.
Chapter 11: Security Administrators' Reference – Looking for that one bit of information? This chapter is a concise reference to highly important items of security information that will be important to your daily efforts in protecting your site.
This book will give you a strong, hands-on approach to security. It starts out with the most basic of considerations such as choosing the right hosting sites then moves quickly into securing the Joomla! site and servers. This is a security handbook for Joomla! sites. It is an easy-to-use guide that will take you step by step into the world of secured websites.
Who this book is written for
This book is a must-read for anyone seriously using Joomla! for any kind of business, ranging from small retailers to larger businesses. With this book they will be able to secure their sites, understand the attackers, and more, without the drudging task of looking up in forums, only to be flamed, or not even find the answers.
Prior knowledge of Joomla! is expected but no prior knowledge of securing websites is needed for this book. The reader will gain a moderate to strong level of knowledge on strengthening their sites against hackers.