Free Sample
+ Collection

Joomla! Web Security

Starting
Tom Canavan

Secure your Joomla! website from common security threats with this easy-to-use guide
$15.60
$39.99
RRP $23.99
RRP $39.99
eBook
Print + eBook

Want this title & more?

$16.99 p/month

Subscribe to PacktLib

Enjoy full and instant access to over 2000 books and videos – you’ll find everything you need to stay ahead of the curve and make sure you can always get the job done.

Book Details

ISBN 139781847194886
Paperback264 pages

About This Book

  • Learn how to secure your Joomla! websites
  • Real-world tools to protect against hacks on your site
  • Implement disaster recovery features
  • Set up SSL on your site
  • Covers Joomla! 1.0 as well as 1.5

Who This Book Is For

This book is a must-read for anyone seriously using Joomla! for any kind of business, ranging from small retailers to larger businesses. With this book they will be able to secure their sites, understand the attackers, and more, without the drudging task of looking up in forums, only to be flamed, or not even find the answers.

Prior knowledge of Joomla! is expected but no prior knowledge of securing websites is needed for this book. The reader will gain a moderate to strong level of knowledge on strengthening their sites against hackers.

Table of Contents

Chapter 1: Let's Get Started
Introduction
Common Terminology
Hosting—Selection and Unique Needs
Architecting for a Successful Site
Downloading Joomla!
.htaccess
Permissions
Common Trip Ups
Setting Up Security Metrics
Summary
Chapter 2: Test and Development
Welcome to the Laboratory!
Reporting
Using the Ravenswood Joomla! Server
Summary
Chapter 3: Tools
Introduction
Tools, Tools, and More Tools
Summary
Chapter 4: Vulnerabilities
Introduction
Importance of Patching is Paramount
What is a Vulnerability?
End Users
Summary
Chapter 5: Anatomy of Attacks
Introduction
SQL Injections
Remote File Includes
Summary
Chapter 6: How the Bad Guys Do It
Laws on the Books
Acquiring Target
Sizing up the Target
Vulnerability Tools
Finding Targets to Attack
What Do I Do Then?
Countermeasures
Closing Words
Summary
Chapter 7: php.ini and .htaccess
.htaccess
php.ini
Summary
Chapter 8: Log Files
What are Log Files, Exactly?
Learning to Read the Log
Log File Analysis
Care and Feeding of Your Log Files
Tools to Review Your Log Files
Summary
Chapter 9: SSL for Your Joomla! Site
What is SSL/TLS?
Process Steps for SSL
Performance Considerations
Other Resources
Summary
Chapter 10: Incident Management
Creating an Incident Response Policy
Developing Procedures Based on Policy to Respond to Incidents
Summary

What You Will Learn

This book covers:

  • Implementing steps for successful Joomla! website architecture
  • Setting up metrics to measure security
  • Exploring the test and development environment; developing your test plan to make sure everything will work as planned
  • Utilizing your test and development site for disaster recovery
  • Measuring the performance of your software development projects using a software development management system
  • Exploring several tools to help protect your website
  • Diving into security vulnerabilities: why they exist; some typical counter measures
  • Exploring SQL Injections – how they can hurt you and how to prevent them
  • Mastering the two important security layers – php.ini and .htaccess
  • Reading and analyzing logs relevant to protecting your Joomla! site
  • Handling Security Incidents in a professional manner
  • Blocking nuisance IP addresses

Here is the brief summary of what each chapter talks about:

Introduction – This is an introduction to the concepts of security for your Joomla! site. In this section, we introduce the reader to concepts, tools, and ideas.

Chapter 1: Let's Get Started
– This foundational chapter gets the reader ready by reviewing terminology, understanding hosting companies and how to select. Learning to architect Joomla correctly at the first, where to download Joomla, its important settings, permissions and trip ups and lastly setting up metrics for security.

Chapter 2: Setting up a Test and Development Environment – Once you have your site planned, setting up a test and development environment allows you to make sure each extension will work together as planned. This chapter gives the reader a methodology to effectively set up and use a test/dev environment, with a review of a great tool, Lighthouse™, for software development project management.

Chapter 3: Tools sets to protect – There are a few key tools every Joomla administrator should have in their security arsenal. This chapter covers the tools used to protect your site.

Chapter 4: Introduction to Vulnerabilities – What is a vulnerability? It is anything that can be used against you to hurt your site. This chapter introduces some common vulnerabilities and how they work.

Chapter 5: Anatomy of Attacks – Specific attacks such as SQL Injections are discussed here, with live examples of code used to attack sites, kiddie-scripts, and other more advanced attacks.

Chapter 6: How the Bad Guys Do It – Do you ever wonder what tools the bad guys use? This chapter covers some of the commonly available tools, and how they are used against you.

Chapter 7: PHP.INI and .HTACCESS – This chapter details out the two important safeguards to your infrastructure. It offers a detailed view with code samples of each of these critical files.

Chapter 8: Log Files – Without a doubt, log files are the first, best indication of a coming attack, yet many administrators do no know how to interpret these critical files, or worse yet, ignore them. This chapter will teach the reader how to read log files and take care of them for forensic purposes.

Chapter 9: SSL – SSL is the guardian of e-commerce on the Internet. In this chapter you will learn how SSL works, where to obtain a certificate, and how to implement it in your Joomla! site.

Chapter 10: Best Practices for Incident Management – Even the best laid plans go astray. If a site is actually hit, you have an incident to handle; this chapter will educate you on some best practices for handling the incident in an effective manner.

Chapter 11: Security Administrators' Reference – Looking for that one bit of information? This chapter is a concise reference to highly important items of security information that will be important to your daily efforts in protecting your site.

In Detail

Joomla! is one of the most powerful open-source content management systems used to build websites and other powerful online applications. While Joomla! itself is inherently safe, misconfigurations, vulnerable components, poorly configured hosts, and weak passwords can all contribute to the downfall of your site. So, you need to know how to secure your website from security threats.

Today every website needs to take security into consideration. Using the knowledge here, your Joomla! site can be ahead of the security threats so prevalent today.

This book will take you all the way from the most basic steps of preparation to the nuts and bolts of actual protection. It is packed full of relevant and real-world topics such as security tools, configuration suggestions, setting up your test and development environment, reading and interpreting log files, and techniques used by bad hackers on the Internet. In addition to this you will learn how to respond to a site emergency should one occur and how to collect the evidence needed to pursue law enforcement action. This book covers Joomla! 1.0.x as well as 1.5.x.

The book provides a concise overview of all the parts needed to construct a defence-in-depth strategy for your Joomla! site. At the end of the book you will have a solid security foundation to take your Joomla! website to a higher level of security than the basic site setup.

Authors

Read More