In Detail Joomla! is one of the most powerful open-source content management systems used to build websites and other powerful online applications. While Joomla! itself is inherently safe, misconfigurations, vulnerable components, poorly configured hosts, and weak passwords can all contribute to the downfall of your site. So, you need to know how to secure your website from security threats. Today every website needs to take security into consideration. Using the knowledge here, your Joomla! site can be ahead of the security threats so prevalent today. This book will take you all the way from the most basic steps of preparation to the nuts and bolts of actual protection. It is packed full of relevant and real-world topics such as security tools, configuration suggestions, setting up your test and development environment, reading and interpreting log files, and techniques used by bad hackers on the Internet. In addition to this you will learn how to respond to a site emergency should one occur and how to collect the evidence needed to pursue law enforcement action. The book provides a concise overview of all the parts needed to construct a defence-in-depth strategy for your Joomla! site. At the end of the book you will have a solid security foundation to take your Joomla! website to a higher level of security than the basic site setup. What you will learn from this book? This book covers:

• Implementing steps for successful Joomla! website architecture

• Setting up metrics to measure security

• Exploring the test and development environment; developing your test plan to make sure everything will work as planned

• Utilizing your test and development site for disaster recovery

• Measuring the performance of your software development projects using a software development management system

• Exploring several tools to help protect your website

• Diving into security vulnerabilities: why they exist; some typical counter measures

• Exploring SQL Injections - how they can hurt you and how to prevent them

• Mastering the two important security layers - php.ini and .htaccess

• Reading and analyzing logs relevant to protecting your Joomla! site

• Handling Security Incidents in a professional manner

• Blocking nuisance IP addresses

Amazon.com® Reader Reviews (Ranked by Helpfulness)

Average Amazon.com® Rating:  Based on 6 Ratings

A must-read for all website administrators - 2009-01-30
Reviewer Rating:
As an administrator of Greece's biggest Joomla! forum over the past three years (forum.joomla.gr), I was always shocked to see how light-heartedly web security was deferred to the Greek Calends not only by young Joomla! enthusiasts who simply wanted to set up their own place on the web but also by website developers who had to get the job finished and delivered to their unaware clients as soon as possible. Then, some day a bug would be discovered in Joomla!'s core code or one of its extensions, sites would be defaced, data would be lost and a long list of messages starting with "HELP!" would appear on our forum. Once a fix was released, the sites were restored, and everything was back in order, interest in web security would drop back to nil until the next server was compromised.

No matter whether you are developing your own website, whether somebody else has developed your website for your, or whether you are a professional website administrator that has always been interested in but scared of web security concepts, it's high time you got out of this vicious circle. Tom Canavan's Joomla! Web Security is here to help you do just that: set up a security framework and a work cycle that will help you stand your ground on the web.

Actually, I find this book's title a bit misleading as it would make one think that it is all about Joomla! and that it would be completely irrelevant to anybody running a website that is based on Drupal, XOOP or any other of the PHP-based Content Management Systems that are available to the open source community. It is not! Only few of its pages contain information that could be relevant to Joomla! website implementations alone. Most of it is packed with sound advice, useful tips, and business strategies that can be applied to any website that uses PHP on an apache server, i.e. the most popular server configuration on the web today.

Joomla! Web Security starts with rudimentary issues such as the criteria you should have in mind when choosing a host for your website, the pros and cons of different hosting plans as far as security is concerned, and how to set up a secure Joomla! website with minimum fuss. If you thought that a test and development environment would only be of interest to PHP application developers, you will have to think again as Tom explains why you should realize that you need one and how you should go about setting it up locally. Once a website is up and running, any administrator with a certain amount of sense in him (or her) would need a set of tools to monitor and manage it. Chapter 3 presents a set of Joomla!-oriented and generic security tools such as JCheck and Nmap that help network and website administrators around the world safeguard their handiwork.

Since this book is all about protecting yourselves and the websites you run from outsiders and their eagerness to attack you, getting acquainted with their tricks and tactics is an asset any website administrator could not do without. Having that in mind, it is an advantage to have three chapters of Joomla! Web Security devoted to identifying vulnerabilities, attack analysis and hacking strategies based on real world incidents from the author's experience. Of course, the sixty pages covered by these three chapters can only scratch the surface of a huge topic on which volumes of books have been written. Nevertheless, they constitute a comprehensive though short introduction to the subject of exploits and hacking attacks and should be taken as pointers to further reading.

Chapters 7 and 8 tackle the dark arts of fine tuning your .htaccess and php.ini files as well as reading, understanding and acting upon the entries of your log files. It would have been nice if chapter 7, in particular, were a bit more extended as it moves too swiftly from simple notions to complex rules that could baffle the reader. Every .htaccess rule is exemplified satisfactorily but, in compliance with the general practice of publicizing such tricks on various hacking websites around the net, their analysis seems to aim mainly at allowing the reader to copy them successfully and use them in his/her website rather than thoroughly understand what s/he is doing and how s/he is accomplishing it.

Finally, the two last chapters cover SSL and its integration into Joomla! as well as how one should react if, despite his or her best efforts, his/her website is compromised. Though these last chapters might seem to be written with corporate working environments in mind, they contain excellent advice that could be adapted and implemented even by small companies or freelancers that want to be able to keep their composure even when they find themselves in dire straights. Joomla! Web Security ends with an appendix that summarizes and acts as a reference to a lot of the information found in the book.

All in all, Tom Canavan's Joomla! Web Security is a must-read for all Joomla! (and non-Joomla!) website administrators that are (or, rather, should be) concerned about the security of their website and the data stored therein. Those readers that had never before considered the security problems raised by their decision to publish a site on the web will find that the book offers them solid ground on which to start building their website defenses against intruders. On the other hand, experienced website administrators could use this book as a collection of security must-dos that they should go through each time they build or start managing a website.

Very helpful, comprehensive safeguards for Joomla sites - 2009-10-07
Reviewer Rating:
The author has done a very good job of discussing common exploits and prevention tactics. Going beyond php.ini and .htaccess safeguards (which he does in very solid detail, with many good tips even I wasn't aware of), he thankfully goes into detailed mysql injection exploits and how to prevent them at both code- and server-level.

Another thing I liked about this book was his references, he provides lots of links to open source scanners and other tools that can be used to check for exploits, open holes and how to patch them.

Very glad I got this, I'll sleep better at night knowing I've got better "locks on the doors" for my joomla based sites. Thanks for a very useful reference!

-Ken

Decent overview of web security for the intended audience - 2009-04-01
Reviewer Rating:
Given joomla's intended audience, I'm sure there are a lot of inexperienced users that will benefit greatly from this book. Basically gives you an overview of the concepts and programs you'll need to have a security plan in place as a small developer (imo joomla's main user base.)

Experienced Joomla developers can likely still get a thing or two out of reading it, though nothing contained herein should be a surprise (if you consider yourself experienced at least). Discussions on documentation and formulation of emergency plans & procedures are useful because it's perhaps something many self-taught/employed people are likely to be lacking. Quick enough that it's not at all a wasted read for me, and I learned about a few security tools that are joomla specific I wasn't otherwise aware of. In fact it sits on my shelf with other books to serve as a reference should I need it (which is to say it's useful enough it's not at the used book store.)

A Must Read, unless you like being Hacked - 2009-01-18
Reviewer Rating:
I am a member of the New York Joomla group and a just love Joomla.

This is "a must" read book for all people that care about the security of a website. The book offers an excellent primer on basic web-security. It is written for the person who has not yet mastered the skills needed to properly secure a website.

For the Joomla user it covers many issues specific to the Joomla versions 1.0.x and 1.5.x. The book is written in simple language so that a non-tech person can understand the concepts. As a skilled and experienced Joomla user and host provider, I found many tips that can help me in monitoring the security of systems I administer.
The coverage of tools available and the appendix is alone worth the price alone.

Too often server and site security is not appreciated. Because of the simplicity of setting up a website, it is often assumed that everything is secure. That is not the case and the person managing a website needs to know what to look for. The coverage of the less obvious of security issues when two secure extensions cause a breach is excellent.


Again I would make this required reading for any person running Joomla.

Very nice read - 2009-01-16
Reviewer Rating:
I got the book a few weeks ago. For a Joomla! newbie the book gives some pretty cool advice. I liked the fact that it not only discusses Joomla! but also how to choose and secure the server it is hosted on.
From php.ini to .htaccess to fighting SQL injections, this book has it all. And it's a nice read too. I liked Tom Canavan's writing style. For a technical book, this is really entertaining.

Browse Similar Topics

Top Level Categories:
Internet/Online

Sub-Categories:
Internet/Online > Web Content Management