Penetration Testing,Security,Network Security,Hacker (term),Hacker (computer Security),Computer Security (Industry),Learn Hacking Security,ecore,LHS,Pen Testing,Linux,Website Security,System Pen testing,BackTrack,Hacking, CMS,JOOMLA,Tools,Computer Hacking,kali linux,kali,Windows,web browser attack,Phishing,R3,SET,Social Engineering Toolkit,Tutorial,Facebook Hack,Apple HAck,Windows Hack,Browser Attack,Client side exploit

1. CMS(Content Management
System)
Meenu Dogra
Software Engineer
www.eCoreTechnoS.com

2. About Myself
 Meenu Dogra
 Software Engineer
 Specializes in Secure Coding/Application Development
 Knowledge of PHP, JAVA, J2EE, Oracle, Javascript, Mysql, SQL
Joomla, Wordpress, SEO, Facebook Applications,
Android Applications, Facebook Developer and
many more
 Oracle Certified Associate (OCA)
 Speaker – Webinars
 Email : Meenu . Dogra@eCoreTechnoS.com

3. CMS: The open Source Platform
• Allows publishing, editing and modifying content
• designed to simplify the complex task of writing numerous versions of code

4.  All three are written in the PHP programming
language Most
 Depend on the MySQL database
 http://cmsmatrix.org/
Popular
CMS
Drupal Joomla Wordpress
• open-source • open-source
• open-source
• Required Technical • Required Technical
• Not Required Technical
Knowledge Knowledge
Knowledge

5. Lets watch a video to start knowing Joomla

6. MVC Pattern
Model-View-Controller (herein referred to as MVC) is a software design
pattern that can be used to organize code in such a way that the business
logic and data presentation are separate.
Model : the model will contain methods to add, remove and update
information about the greetings in the database.
View : used to render the data from the model in a manner that is
suitable for interaction
Controller: The controller is responsible for responding to user actions.
a user action is (generally) a page request. The controller does not
display the data in the model, it only triggers methods in the model
which modify the data, and then pass the model into the view which
displays the data.

7. Install XAMP
Install Joomla

14. User Manager
Joomla has a registration system that allows users to configure
personal options. There are nine user groups with various types of
permissions on what users are allowed to access, edit, publish and
administrate.

15. Article Manager
One of the most important parts of a website is the content.
1. To add a section to your website, go to
http://localhost/joomla/administrator and log in with the username
“admin” and the password you specified during the installation.
2. Click on “Article Manager” on the Joomla! toolbar.
3. Insert a title and description for the article and then press “Save” on
the toolbar.

16. Menu Manager
To add menu’s to your website, go to
1. Click on “Menu Manager” on the Joomla! toolbar.
2. Click “Add Main Menu” in the toolbar.
3. Insert the name and article to be added and then press “Save” on
the toolbar.

17. Extention
Here you can.
1. Add a module.
2. Add templates
3. Add plugins etc..

18. Language Manager
There is international support for many world languages and UTF-8
encoding. If you need your Web site in one language and the
administrator panel in another, multiple languages are possible.

19. Template Manager
Templates in Joomla are a powerful way to make your site look
exactly the way you want and either use a single template for the
entire site or a separate template for each site section.

20. • Corporate Web sites or
portals
• Inventory Control
Systems
• Data Reporting Tools
What Joomla! can do? • Online magazines,
newspapers
• E-commerce and online
reservations
• Small business Web sites

21. Who uses Joomla?
• MTV Networks Quizilla (Social networking) - http://www.quizilla.com
• IHOP (Restaurant chain) - http://www.ihop.com
• Harvard University (Educational) - http://gsas.harvard.edu
• Citibank (Financial institution intranet) - Not publicly accessible
• The Green Maven (Eco-resources) - http://www.greenmaven.com
• Outdoor Photographer (Magazine) -
http://www.outdoorphotographer.com
• PlayShakespeare.com (Cultural) -
http://www.playshakespeare.com
• Senso Interiors (Furniture design) - http://www.sensointeriors.co.za

22. Joomla or websites
Security

23. Few Vulnerabilities
 SQL Injection
 Cross Site Scripting
 Directory Listing
 Email Hijacking
 Session Hijacking
 And Many more….

24.  Practical Demo Of SQL Injection and website
hacking

25. Security CheckList
 The Ftp username and password must be different from the web server
username and password.
 Never use username “Admin”.
 Always use well formed passwords.
Visit http://ecoretechnos.com/PasswordGenerator/index.html
 Password must be unique and strong.
 Encrypt the Password and other credential Information in database.
 Passwords must be update in every 15 days.
 Update Joomla.
 Always add new user for new site database.
 Change directory permissions.
 Change jos_users to something random.

26. Site Recovery
1. Change All passwords.
2. Check raw logs.
3. List Recently modified files.
4. If identified that how you are hacked then coordinate with your host.
5. Delete entire public html folder.
6. Delete related database record.
7. Reinstall Everything.
8. Reset Password.
9. Review Security Practices.
10.Review Backup Processes.

27. Resources
http://www.eCoreTechnoS.com
Thank You