Joomla! Web Security
|Also available on:|
- Learn how to secure your Joomla! websites
- Real-world tools to protect against hacks on your site
- Implement disaster recovery features
- Set up SSL on your site
- Covers Joomla! 1.0 as well as 1.5
Book DetailsLanguage : English
Paperback : 264 pages [ 235mm x 191mm ]
Release Date : October 2008
ISBN : 1847194885
ISBN 13 : 9781847194886
Author(s) : Tom Canavan
Topics and Technologies : All Books, CMS and eCommerce, Security and Testing, Joomla!, Open Source
Table of Contents
Chapter 1: Let's Get Started
Chapter 2: Test and Development
Chapter 3: Tools
Chapter 4: Vulnerabilities
Chapter 5: Anatomy of Attacks
Chapter 6: How the Bad Guys Do It
Chapter 7: php.ini and .htaccess
Chapter 8: Log Files
Chapter 9: SSL for Your Joomla! Site
Chapter 10: Incident Management
Appendix: Security Handbook
I enjoyed Tom Canavan's detached writing style and I learned some interesting things that I applied to all my Joomla! websites. What I especially liked was the fact that the book discusses not only the Joomla! part of a website but also the server side and gives some nice hosting tips.
Download the code and support files for this book.
Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.
Errata- 2 submitted: last submission 10 Sep 2012
Errata type: URL change | Page number: 14
The online searchable database link: http://osvdb.org/search.php
Errata type: Language | Page number: 57
"In that role, I author worked closely with..."
"In that role, I worked closely with..."
What you will learn from this book
This book covers:
- Implementing steps for successful Joomla! website architecture
- Setting up metrics to measure security
- Exploring the test and development environment; developing your test plan to make sure everything will work as planned
- Utilizing your test and development site for disaster recovery
- Measuring the performance of your software development projects using a software development management system
- Exploring several tools to help protect your website
- Diving into security vulnerabilities: why they exist; some typical counter measures
- Exploring SQL Injections – how they can hurt you and how to prevent them
- Mastering the two important security layers – php.ini and .htaccess
- Reading and analyzing logs relevant to protecting your Joomla! site
- Handling Security Incidents in a professional manner
- Blocking nuisance IP addresses
Here is the brief summary of what each chapter talks about:
Introduction – This is an introduction to the concepts of security for your Joomla! site. In this section, we introduce the reader to concepts, tools, and ideas.
Chapter 1: Let's Get Started – This foundational chapter gets the reader ready by reviewing terminology, understanding hosting companies and how to select. Learning to architect Joomla correctly at the first, where to download Joomla, its important settings, permissions and trip ups and lastly setting up metrics for security.
Chapter 2: Setting up a Test and Development Environment – Once you have your site planned, setting up a test and development environment allows you to make sure each extension will work together as planned. This chapter gives the reader a methodology to effectively set up and use a test/dev environment, with a review of a great tool, Lighthouse™, for software development project management.
Chapter 3: Tools sets to protect – There are a few key tools every Joomla administrator should have in their security arsenal. This chapter covers the tools used to protect your site.
Chapter 4: Introduction to Vulnerabilities – What is a vulnerability? It is anything that can be used against you to hurt your site. This chapter introduces some common vulnerabilities and how they work.
Chapter 5: Anatomy of Attacks – Specific attacks such as SQL Injections are discussed here, with live examples of code used to attack sites, kiddie-scripts, and other more advanced attacks.
Chapter 6: How the Bad Guys Do It – Do you ever wonder what tools the bad guys use? This chapter covers some of the commonly available tools, and how they are used against you.
Chapter 7: PHP.INI and .HTACCESS – This chapter details out the two important safeguards to your infrastructure. It offers a detailed view with code samples of each of these critical files.
Chapter 8: Log Files – Without a doubt, log files are the first, best indication of a coming attack, yet many administrators do no know how to interpret these critical files, or worse yet, ignore them. This chapter will teach the reader how to read log files and take care of them for forensic purposes.
Chapter 9: SSL – SSL is the guardian of e-commerce on the Internet. In this chapter you will learn how SSL works, where to obtain a certificate, and how to implement it in your Joomla! site.
Chapter 10: Best Practices for Incident Management – Even the best laid plans go astray. If a site is actually hit, you have an incident to handle; this chapter will educate you on some best practices for handling the incident in an effective manner.
Chapter 11: Security Administrators' Reference – Looking for that one bit of information? This chapter is a concise reference to highly important items of security information that will be important to your daily efforts in protecting your site.
Joomla! is one of the most powerful open-source content management systems used to build websites and other powerful online applications. While Joomla! itself is inherently safe, misconfigurations, vulnerable components, poorly configured hosts, and weak passwords can all contribute to the downfall of your site. So, you need to know how to secure your website from security threats.
Today every website needs to take security into consideration. Using the knowledge here, your Joomla! site can be ahead of the security threats so prevalent today.
This book will take you all the way from the most basic steps of preparation to the nuts and bolts of actual protection. It is packed full of relevant and real-world topics such as security tools, configuration suggestions, setting up your test and development environment, reading and interpreting log files, and techniques used by bad hackers on the Internet. In addition to this you will learn how to respond to a site emergency should one occur and how to collect the evidence needed to pursue law enforcement action. This book covers Joomla! 1.0.x as well as 1.5.x.
The book provides a concise overview of all the parts needed to construct a defence-in-depth strategy for your Joomla! site. At the end of the book you will have a solid security foundation to take your Joomla! website to a higher level of security than the basic site setup.
Are you concerned about the security of your Joomla! website and you don't know what to do? – read this easy-to-use practical guide and learn how to implement strong security measures.
Slashdot: "There is a ton of good information here and I recommend the book."
Mylro.org: "Technical books can be sometimes boring, especially when they talk about things you already know. This is not the case with Joomla! Web Security. I enjoyed Tom Canavan's detached writing style and I learned some interesting things that I applied to all my Joomla! websites. What I especially liked was the fact that the book discusses not only the Joomla! part of a website but also the server side and gives some nice hosting tips. If you're a junior or intermediate Joomla! user I would highly recommend it."
JoomlaNYC: "This is “a must” read book for all people that care about the security of a website. The book offers an excellent primer on basic web-security. It is written for the person who has not yet mastered the skills needed to properly secure a website."
This book will give you a strong, hands-on approach to security. It starts out with the most basic of considerations such as choosing the right hosting sites then moves quickly into securing the Joomla! site and servers. This is a security handbook for Joomla! sites. It is an easy-to-use guide that will take you step by step into the world of secured websites.
Who this book is for
This book is a must-read for anyone seriously using Joomla! for any kind of business, ranging from small retailers to larger businesses. With this book they will be able to secure their sites, understand the attackers, and more, without the drudging task of looking up in forums, only to be flamed, or not even find the answers.
Prior knowledge of Joomla! is expected but no prior knowledge of securing websites is needed for this book. The reader will gain a moderate to strong level of knowledge on strengthening their sites against hackers.