Joomla! is one of the most powerful open-source content management systems used to build websites and other powerful online applications. While Joomla! itself is inherently safe, misconfigurations, vulnerable components, poorly configured hosts, and weak passwords can all contribute to the downfall of your site. So you need to know how to secure your website from security threats. Today every website needs to take security into consideration. Using the knowledge here, your Joomla! site can stay ahead of the security threats so prevalent today.

This book will take you all the way from the most basic steps of preparation to the nuts and bolts of actual protection. It is packed full of relevant and real-world topics such as security tools, configuration suggestions, setting up your test and development environment, reading and interpreting log files, and techniques used by malicious hackers on the Internet. In addition, you will learn how to respond to a site emergency should one occur and how to collect the evidence needed to pursue law enforcement action. The book provides a concise overview of all the parts needed to construct a defence-in-depth strategy for your Joomla! site. At the end of the book you will have a solid security foundation to take your Joomla! website to a higher level of security than the basic site setup.

What you will learn from this book

This book covers:
* Implementing steps for successful Joomla! website architecture
* Setting up metrics to measure security
* Exploring the test and development environment; developing your test plan to make sure everything will work as planned
* Utilizing your test and development site for disaster recovery
* Measuring the performance of your software development projects using a software development management system
* Exploring several tools to help protect your website
* Diving into security vulnerabilities: why they exist, and some typical countermeasures
* Exploring SQL injections: how they can hurt you and how to prevent them
* Mastering the two important security layers: php.ini and .htaccess
* Reading and analyzing logs relevant to protecting your Joomla! site
* Handling security incidents in a professional manner
* Blocking nuisance IP addresses

Approach

This book will give you a strong, hands-on approach to security. It starts out with the most basic of considerations, such as choosing the right hosting sites, then moves quickly into securing the Joomla! site and servers. This is a security handbook for Joomla! sites. It is an easy-to-use guide that will take you step by step into the world of secured websites.

Who this book is written for

This book is a must-read for anyone seriously using Joomla! for any kind of business, ranging from small retailers to larger businesses. With this book they will be able to secure their sites, understand the attackers, and more, without the drudgery of searching forums, only to be flamed or not find the answers at all. Prior knowledge of Joomla! is expected, but no prior knowledge of securing websites is needed for this book. The reader will gain a moderate to strong level of knowledge on strengthening their sites against hackers.
Among the tests you perform on web applications, security testing is perhaps the most important, yet it is often the most neglected. The recipes in the Web Security Testing Cookbook demonstrate how developers and testers can check for the most common web security issues while conducting unit tests, regression tests, or exploratory tests. Unlike ad hoc security assessments, these recipes are repeatable, concise, and systematic, which makes them well suited to integrating into your regular test suite. Recipes cover the basics, from observing messages between clients and servers to multi-phase tests that script the login and execution of web application features. By the end of the book, you will be able to build tests pinpointed at Ajax functions, as well as large multi-step tests for the usual suspects: cross-site scripting and injection attacks.

This book helps you:
* Obtain, install, and configure useful (and free) security testing tools
* Understand how your application communicates with users, so you can better simulate attacks in your tests
* Choose from many different methods that simulate common attacks such as SQL injection, cross-site scripting, and manipulating hidden form fields
* Make your tests repeatable by using the scripts and examples in the recipes as starting points for automated tests

Don't live in dread of the midnight phone call telling you that your site has been hacked. With Web Security Testing Cookbook and the free tools used in the book's examples, you can incorporate security coverage into your test suite and sleep in peace.
The only end-to-end guide to securing Apache Web servers and Web applications

Apache can be hacked. As companies have improved perimeter security, hackers have increasingly focused on attacking Apache Web servers and Web applications. Firewalls and SSL won't protect you: you must systematically harden your Web application environment. Preventing Web Attacks with Apache brings together all the information you'll need to do that: step-by-step guidance, hands-on examples, and tested configuration files.

Building on his groundbreaking SANS presentations on Apache security, Ryan C. Barnett reveals why your Web servers represent such a compelling target, how significant exploits are performed, and how they can be defended against. Exploits discussed include buffer overflows, denial of service, attacks on vulnerable scripts and programs, credential sniffing and spoofing, client parameter manipulation, brute force attacks, web defacements, and more.

Barnett introduces the Center for Internet Security Apache Benchmarks, a set of best-practice Apache security configuration actions and settings he helped to create. He addresses issues related to IT processes and your underlying OS; Apache downloading, installation, and configuration; application hardening; monitoring; and more. He also presents a chapter-length case study using actual Web attack logs and data captured "in the wild." For every sysadmin, Web professional, and security specialist responsible for Apache or Web application security.

With this book, you will learn to:
* Address the OS-related flaws most likely to compromise Web server security
* Perform the security-related tasks needed to safely download, configure, and install Apache
* Lock down your Apache httpd.conf file and install essential Apache security modules
* Test security with the CIS Apache Benchmark Scoring Tool
* Use the WASC Web Security Threat Classification to identify and mitigate application threats
* Test Apache mitigation settings against the Buggy Bank Web application
* Analyze an Open Web Proxy Honeypot to gather crucial intelligence about attackers
* Master advanced techniques for detecting and preventing intrusions
Implement bulletproof e-business security the proven Hacking Exposed way

Defend against the latest Web-based attacks by looking at your Web applications through the eyes of a malicious intruder. Fully revised and updated to cover the latest Web exploitation techniques, Hacking Exposed Web Applications, Second Edition shows you, step by step, how cyber-criminals target vulnerable sites, gain access, steal critical data, and execute devastating attacks. All of the cutting-edge threats and vulnerabilities are covered in full detail alongside real-world examples, case studies, and battle-tested countermeasures from the authors' experiences as gray hat security professionals.

* Find out how hackers use infrastructure and application profiling to perform reconnaissance and enter vulnerable systems
* Get details on exploits, evasion techniques, and countermeasures for the most popular Web platforms, including IIS, Apache, PHP, and ASP.NET
* Learn the strengths and weaknesses of common Web authentication mechanisms, including password-based, multifactor, and single sign-on mechanisms like Passport
* See how to excise the heart of any Web application's access controls through advanced session analysis, hijacking, and fixation techniques
* Find and fix input validation flaws, including cross-site scripting (XSS), SQL injection, HTTP response splitting, encoding, and special character abuse
* Get an in-depth presentation of the newest SQL injection techniques, including blind attacks, advanced exploitation through subqueries, Oracle exploits, and improved countermeasures
* Learn about the latest XML Web Services hacks, Web management attacks, and DDoS attacks, including click fraud
* Tour Firefox and IE exploits, as well as the newest socially-driven client attacks like phishing and adware
Protect your Web 2.0 architecture against the latest wave of cybercrime using expert tactics from Internet security professionals. Hacking Exposed Web 2.0 shows how hackers perform reconnaissance, choose their entry point, and attack Web 2.0-based services, and reveals detailed countermeasures and defense techniques. You'll learn how to avoid injection and buffer overflow attacks, fix browser and plug-in flaws, and secure AJAX, Flash, and XML-driven applications. Real-world case studies illustrate social networking site weaknesses, cross-site attack methods, migration vulnerabilities, and IE7 shortcomings.

* Plug security holes in Web 2.0 implementations the proven Hacking Exposed way
* Learn how hackers target and abuse vulnerable Web 2.0 applications, browsers, plug-ins, online databases, user inputs, and HTML forms
* Prevent Web 2.0-based SQL, XPath, XQuery, LDAP, and command injection attacks
* Circumvent XXE, directory traversal, and buffer overflow exploits
* Learn XSS and Cross-Site Request Forgery methods attackers use to bypass browser security controls
* Fix vulnerabilities in Outlook Express and Acrobat Reader add-ons
* Use input validators and XML classes to reinforce ASP and .NET security
* Eliminate unintentional exposures in ASP.NET AJAX (Atlas), Direct Web Remoting, Sajax, and GWT Web applications
* Mitigate ActiveX security exposures using SiteLock, code signing, and secure controls
* Find and fix Adobe Flash vulnerabilities and DNS rebinding attacks