2. About Myself
Meenu Dogra
Software Engineer
Specializes in Secure Coding/Application Development
Knowledge of PHP, JAVA, J2EE, Oracle, Javascript, Mysql, SQL
Joomla, Wordpress, SEO, Facebook Applications,
Android Applications, Facebook Developer and
many more
Oracle Certified Associate (OCA)
Speaker – Webinars
Email : Meenu . Dogra@eCoreTechnoS.com
3. CMS: The open Source Platform
• Allows publishing, editing and modifying content
• Designed to simplify the complex task of writing numerous versions of code
4. Most Popular CMS
All three are written in the PHP programming language
Depend on the MySQL database
http://cmsmatrix.org/
Drupal
• open-source
• Required Technical Knowledge
Joomla
• open-source
• Required Technical Knowledge
Wordpress
• open-source
• Not Required Technical Knowledge
6. MVC Pattern
Model-View-Controller (herein referred to as MVC) is a software design
pattern that can be used to organize code in such a way that the business
logic and data presentation are separate.
Model : the model will contain methods to add, remove and update
information about the greetings in the database.
View : used to render the data from the model in a manner that is
suitable for interaction
Controller: The controller is responsible for responding to user actions.
A user action is (generally) a page request. The controller does not
display the data in the model; it only triggers methods in the model
which modify the data, and then passes the model into the view, which
displays the data.
14. User Manager
Joomla has a registration system that allows users to configure
personal options. There are nine user groups with various types of
permissions on what users are allowed to access, edit, publish and
administer.
15. Article Manager
One of the most important parts of a website is the content.
1. To add a section to your website, go to
http://localhost/joomla/administrator and log in with the username
“admin” and the password you specified during the installation.
2. Click on “Article Manager” on the Joomla! toolbar.
3. Insert a title and description for the article and then press “Save” on
the toolbar.
16. Menu Manager
To add menus to your website, go to
1. Click on “Menu Manager” on the Joomla! toolbar.
2. Click “Add Main Menu” in the toolbar.
3. Insert the name and article to be added and then press “Save” on
the toolbar.
18. Language Manager
There is international support for many world languages and UTF-8
encoding. If you need your Web site in one language and the
administrator panel in another, multiple languages are possible.
19. Template Manager
Templates in Joomla are a powerful way to make your site look
exactly the way you want and either use a single template for the
entire site or a separate template for each site section.
20. What Joomla! can do?
• Corporate Web sites or portals
• Inventory Control Systems
• Data Reporting Tools
• Online magazines, newspapers
• E-commerce and online reservations
• Small business Web sites
21. Who uses Joomla?
• MTV Networks Quizilla (Social networking) - http://www.quizilla.com
• IHOP (Restaurant chain) - http://www.ihop.com
• Harvard University (Educational) - http://gsas.harvard.edu
• Citibank (Financial institution intranet) - Not publicly accessible
• The Green Maven (Eco-resources) - http://www.greenmaven.com
• Outdoor Photographer (Magazine) - http://www.outdoorphotographer.com
• PlayShakespeare.com (Cultural) - http://www.playshakespeare.com
• Senso Interiors (Furniture design) - http://www.sensointeriors.co.za
23. Few Vulnerabilities
SQL Injection
Cross Site Scripting
Directory Listing
Email Hijacking
Session Hijacking
And Many more….
24. Practical Demo Of SQL Injection and website hacking
25. Security CheckList
The FTP username and password must be different from the web server
username and password.
Never use the username “Admin”.
Always use well-formed passwords.
Visit http://ecoretechnos.com/PasswordGenerator/index.html
Passwords must be unique and strong.
Encrypt passwords and other credential information in the database.
Passwords must be updated every 15 days.
Update Joomla.
Always add a new user for each new site database.
Change directory permissions.
Change jos_users to something random.
26. Site Recovery
1. Change all passwords.
2. Check raw logs.
3. List recently modified files.
4. If you have identified how you were hacked, coordinate with your host.
5. Delete entire public html folder.
6. Delete related database record.
7. Reinstall Everything.
8. Reset Password.
9. Review Security Practices.
10. Review Backup Processes.
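Steps 2 and 3 can be worked together: list the recently modified files under the web root, then pull every logged request for each of them. The script below is an added example, not part of the original slides; the web root layout, the Apache-style access log format, the file names and the log lines are constructed assumptions.

```shell
#!/bin/sh
# Added example for recovery steps 2-3; all paths and log lines are constructed.

# recent_files DOCROOT DAYS: files modified within DAYS days, relative to DOCROOT.
recent_files() {
    ( cd "$1" && find . -type f -mtime -"$2" | sed 's|^\./||' | sort )
}

# hits_for LOG RELPATH: "client method status" for each logged request to RELPATH
# (Apache common/combined format); the query string is ignored when matching.
hits_for() {
    awk -v p="/$2" '{ u = $7; sub(/[?].*/, "", u)
                      if (u == p) print $1, substr($6, 2), $9 }' "$1"
}

# triage DOCROOT LOG DAYS: each recently modified file, then who requested it.
triage() {
    recent_files "$1" "$3" | while IFS= read -r f; do
        echo "== $f"
        hits_for "$2" "$f" | sort | uniq -c
    done
}

# make_sample: build a constructed web root and access log, print their directory.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/site/images"
    echo old > "$d/site/index.php"
    touch -t 202001010000 "$d/site/index.php"   # backdated: untouched file
    echo new > "$d/site/images/new.php"         # modified just now
    cat > "$d/access.log" <<'EOF'
198.51.100.4 - - [10/Mar/2024:09:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120
198.51.100.4 - - [10/Mar/2024:09:00:02 +0000] "GET /images/logo.png HTTP/1.1" 200 901
203.0.113.7 - - [10/Mar/2024:09:02:20 +0000] "GET /images/new.php HTTP/1.1" 200 18
203.0.113.7 - - [10/Mar/2024:09:02:25 +0000] "POST /images/new.php?x=1 HTTP/1.1" 200 44
EOF
    echo "$d"
}

s=$(make_sample) && { triage "$s/site" "$s/access.log" 7; rm -rf "$s"; }
```

On a real site, point `triage` at the actual web root and raw access log, and keep a copy of both before step 5 deletes the folder.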
27. Resources
http://www.eCoreTechnoS.com
Thank You