Presentation “Joomla! Security” - http://slideshare.net/yireo
Jisse Reitsma (jisse@yireo.com) - Twitter @yireo
Joomla! security
My name is Jisse Reitsma
Joomla! enthusiast
PHP programmer
Lead developer of Yireo
Joomla! templates-book (NL)
Helping Tibet Support Group
My presentation
Part I - Basics
Part II - Joomla! security
Part III - Advanced things
Part I
Basics of security
Why bother?
Everybody makes mistakes
Joomla! is very popular
... also with hackers
What can happen?
Website defacement
(damage to business image)
Malware installed
(viruses, exploits, zombie-software)
What is security?
SQL injection
POST spoofing
Path traversal; Remote path inclusion
Cross Site Scripting (XSS), CSRF
Session hijacking, cookie theft
Rootkits
Common Joomla! attacks
SQL injection
http://localhost/joomla/index.php/weblinks-categories?id=0%20%29%20union%20select%20password%20from%20%60jos_users%60%20--%20%29
XSS vulnerability
Textarea: <script>alert('test');</script>
Part II
Joomla! security
Joomla! security (1)
Strong passwords
Beware of dictionary attacks
At least 8 characters, preferably 16 :)
Joomla! security (2)
Do not pick just any extension
Keep software up-to-date
Joomla! core
Joomla! extensions
Joomla! security (3)
Make sure .htaccess is in place
Rename from “htaccess.txt” to “.htaccess”
Includes quick protection for common attacks
Joomla! security (4)
Create a new Super User
No username “admin”
A MySQL user ID other than 42 or 62
Joomla! security (5)
Backend protection
jSecure, kSecure, BackendToken
Scanning
RsFirewall, jDefender, jHackGuard
Joomla! ACLs (ACLmanager)
Joomla! security (6)
Remove the default META-tag generator
<?php JFactory::getDocument()->setGenerator('whatever'); ?>
Joomla! security (7)
Encrypt Joomla! Administrator access with (self-generated)
SSL-certificate
Use SFTP (or SSH) if available, and not FTP
Joomla! security (8)
Remove files you don't need
3rd party templates, 3rd party extensions
Joomla! test setups (and other applications)
CHANGELOG.php, CREDITS.php, INSTALL.php,
configuration.php-dist, htaccess.txt, LICENSE.php,
LICENSES.php
phpinfo.php
Joomla! security (9)
Two Factor Authentication
Google Authenticator
Yubikey
Joomla! security (10)
Do not use Joomla! 1.5
Change database table prefix (Admintools)
Do not allow user registration if you don't want it
Apache HTTP authentication for backend
General advice
Be careful with what you install
Versioning system like Git
Always test things first on a testing environment (plg_system_httpauth)
Create backups
Part III
Advanced security
LAMP security
File permissions
Firewall
Apache settings
PHP settings
UNIX file permissions
Basic rules
Three numbers: owner + group + world
4 = read, 2 = write, 1 = execute
644 = read-write for owner; read for group; read for world
Directories must always be executable (755 instead of 644)
Do not use:
666 = read-write for owner; read-write for group; read-write for world
777 (like 666, but with the execute bit added)
Do use:
644 (files)
755 (directories)
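An added audit script (mine, not from the slides) that checks a Joomla! web root against the 644/755 rule above and flags the world-writable 666/777 modes the slide warns against; the helper names and the demo tree are my own constructions.

```shell
#!/bin/sh
# Added example (not from the slides): audit a web root against the slide's
# rule (644 for files, 755 for directories) and flag world-writable modes.
# Helper names are mine.

# Print one line per deviation, most serious first:
#   WORLD-WRITABLE <path>  anything writable by "world" (the 666/777 cases)
#   FILE-NOT-644 <path>    other regular files that are not 644
#   DIR-NOT-755 <path>     other directories that are not 755
# A deliberately stricter mode (for example 640 on configuration.php) also
# shows up under FILE-NOT-644; judge those by hand rather than loosening them.
audit_perms() {
    root="$1"
    find "$root" \( -type f -o -type d \) -perm -002 -print | sed 's/^/WORLD-WRITABLE /'
    find "$root" -type f ! -perm 644 ! -perm -002 -print | sed 's/^/FILE-NOT-644 /'
    find "$root" -type d ! -perm 755 ! -perm -002 -print | sed 's/^/DIR-NOT-755 /'
}

# Apply the slide's rule across the whole tree; ownership is left untouched.
fix_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Constructed demo tree with the mixture of modes seen on real installs.
make_demo_tree() {
    root=$(mktemp -d)
    chmod 755 "$root"
    mkdir "$root/images" "$root/cache" "$root/tmp"
    : >"$root/index.php"; : >"$root/configuration.php"; : >"$root/images/upload.php"
    chmod 644 "$root/index.php"
    chmod 640 "$root/configuration.php"    # stricter than 644: reported, not wrong
    chmod 777 "$root/images"               # the slide's "do not use"
    chmod 666 "$root/images/upload.php"    # the slide's "do not use"
    chmod 700 "$root/cache"                # not 755, but not world-writable
    chmod 755 "$root/tmp"
    printf '%s\n' "$root"
}

ROOT=$(make_demo_tree)
echo "== before fix_perms =="
audit_perms "$ROOT"
fix_perms "$ROOT"
echo "== after fix_perms (expect no output) =="
audit_perms "$ROOT"
rm -rf "$ROOT"
```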
Firewall
Only allow what you need
HTTP, SSH, FTP, SMTP, DNS
Block everything you don't need
MySQL, IMAP, POP
Check with Nmap
Apache security
Apache settings
ServerTokens Prod
ServerSignature off
TraceEnable off
Apache modules
mod_rewrite
mod_evasive
mod_antiloris
mod_security2
PHP security (1 of 2)
PHP settings
register_globals = Off
expose_php = Off
safe_mode = Off
magic_quotes = Off
allow_url_include = Off
allow_url_fopen = On???
open_basedir = [yoursite]???
PHP security (2 of 2)
PHP disable_functions
show_source
system, shell_exec, exec, passthru
popen, proc_open
phpinfo
PHP modules
Suhosin
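An added checker (mine, not from the slides) that audits a php.ini against the settings on both "PHP security" slides: the On/Off directives from the first and the disable_functions list from the second. The helper names and the sample php.ini are my own; the slides' "magic_quotes" is taken to mean the magic_quotes_gpc directive.

```shell
#!/bin/sh
# Added example (not from the slides): audit a php.ini against the values the
# "PHP security" slides recommend. Helper names are mine, not PHP's or Joomla's.

# Does the ini file set this directive at all (on an uncommented line)?
ini_has() {                       # $1 = php.ini path, $2 = directive
    grep -q "^[[:space:]]*$2[[:space:]]*=" "$1"
}

# Effective value of a directive: the last uncommented assignment wins, as in
# PHP itself. Trailing "; comment" text and surrounding whitespace are dropped.
ini_get() {                       # $1 = php.ini path, $2 = directive
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;]*\).*/\1/p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Map the spellings PHP accepts for booleans (On/1/yes/true, Off/0/no/none/"")
# onto "on" / "off" so that they compare cleanly.
norm_bool() {
    v=$(printf '%s' "$1" | tr -d '"' | tr '[:upper:]' '[:lower:]')
    case "$v" in
        1|on|yes|true)          echo on ;;
        0|off|no|false|none|"") echo off ;;
        *)                      echo "$v" ;;
    esac
}

# Print one line per finding. Directives the slides mark with "???"
# (allow_url_fopen, open_basedir) are site decisions and are not checked.
# The slide's "magic_quotes" is the magic_quotes_gpc directive in php.ini.
audit_php_ini() {
    ini="$1"
    for pair in register_globals=Off expose_php=Off safe_mode=Off \
                magic_quotes_gpc=Off allow_url_include=Off; do
        key=${pair%%=*}; want=${pair#*=}
        if ! ini_has "$ini" "$key"; then
            echo "$key: not set (slide asks for $want)"
        elif [ "$(norm_bool "$(ini_get "$ini" "$key")")" != "$(norm_bool "$want")" ]; then
            echo "$key: expected $want, got $(ini_get "$ini" "$key")"
        fi
    done
    # disable_functions is a comma-separated list; every function named on the
    # slide must appear in it.
    have=$(ini_get "$ini" disable_functions | tr -d ' "')
    for fn in show_source system shell_exec exec passthru popen proc_open phpinfo; do
        case ",$have," in
            *",$fn,"*) ;;
            *) echo "disable_functions: $fn is not disabled" ;;
        esac
    done
}

# Constructed sample php.ini for the demo; not taken from any real server.
SAMPLE_INI=$(mktemp)
trap 'rm -f "$SAMPLE_INI"' EXIT
cat >"$SAMPLE_INI" <<'EOF'
; constructed sample
engine = On
register_globals = Off
;expose_php = Off            <- commented out, so PHP's built-in default applies
safe_mode = Off
magic_quotes_gpc = On
allow_url_include = Off
allow_url_fopen = On
disable_functions = system,shell_exec, exec,passthru
EOF

audit_php_ini "$SAMPLE_INI"
```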
Too late ...
maldet (malware detector)
rkhunter (rootkit hunter)
IDS (intrusion detection system)
Tripwire
Samhain
UNIX hacking
...
the greatest game on the internet
“Ignorance is bliss”
Google Hacking database makes it easy
SSL-certificates are only secure if the SSL root-authority servers are
We trust TCP/IP to be fairly secure, but is it? (slowloris)
When the C-code of a rootkit is actually modified by a script-kiddie, it is no longer detected by rootkit-scanners - bummer, nobody knows if it's there
docs.joomla.org/Security
any questions?
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 

Joomla! security

  • 1. Presentation “Joomla! Security” - http://slideshare.net/yireo Jisse Reitsma (jisse@yireo.com) - Twitter @yireo. Joomla! security
  • 2. My name is Jisse Reitsma: Joomla! enthusiast, PHP programmer, lead developer of Yireo, author of a Joomla! templates book (NL), helping the Tibet Support Group
  • 3. My presentation: Part I - Basics; Part II - Joomla! security; Part III - Advanced things
  • 4. Part I: Basics of security
  • 5. Why bother? Everybody makes mistakes. Joomla! is very popular ... also with hackers. What can happen? Website defacement (damage to business image); malware installed (viruses, exploits, zombie software)
  • 6. What is security? SQL injection; POST spoofing; path traversal, remote path inclusion; Cross Site Scripting (XSS), CSRF; session hijacking, cookie theft; rootkits
  • 7. Common Joomla! attacks. SQL injection: http://localhost/joomla/index.php/weblinks-categories?id=0%20%29%20union%20select%20password%20from%20%60jos_users%60%20--%20%29 . XSS vulnerability, in a textarea: <script>alert('test');</script>
  • 8. Part II: Joomla! security
  • 9. Joomla! security (1): Strong passwords. Beware of dictionary attacks. At least 8 characters, preferably 16 :)
  • 10. Joomla! security (2): Do not pick just any extension. Keep software up to date: Joomla! core and Joomla! extensions
  • 11. Joomla! security (3): Make sure .htaccess is in place. Rename “htaccess.txt” to “.htaccess”. It includes quick protection for common attacks
  • 12. Joomla! security (4): Create a new Super User. No username “admin”. A MySQL ID other than 42 or 62
  • 13. Joomla! security (5): Backend protection (jSecure, kSecure, BackendToken). Scanning (RSFirewall, jDefender, jHackGuard). Joomla! ACLs (ACLmanager)
  • 14. Joomla! security (6): Remove the default META-tag generator: <?php JFactory::getDocument()->setGenerator('whatever'); ?>
  • 15. Joomla! security (7): Encrypt Joomla! Administrator access with a (self-generated) SSL certificate. Use SFTP (or SSH) if available, not FTP
  • 16. Joomla! security (8): Remove files you don't need: 3rd-party templates, 3rd-party extensions; Joomla! test setups (and other applications); CHANGELOG.php, CREDITS.php, INSTALL.php, configuration.php-dist, htaccess.txt, LICENSE.php, LICENSES.php, phpinfo.php
  • 17. Joomla! security (9): Two Factor Authentication: Google Authenticator, Yubikey
  • 18. Joomla! security (10): Do not use Joomla! 1.5. Change the database table prefix (Admin Tools). Do not allow user registration if you don't want it. Apache HTTP authentication for the backend
  • 19. General advice: Be careful with what you install. Use a versioning system like Git. Always test things first on a testing environment (plg_system_httpauth). Create backups
  • 20. Part III: Advanced security
  • 21. LAMP security: file permissions, firewall, Apache settings, PHP settings
  • 22. UNIX file permissions. Basic rules: three numbers: owner + group + world; 4 = read, 2 = write, 1 = execute; 644 = read-write for owner, read for group, read for world. A directory must always be executable (755 instead of 644). Do not use: 666 = read-write for owner, read-write for group, read-write for world; 777 (the same as 666, but with the execution bit added). Do use: 644 (files), 755 (directories)
  • 23. Firewall: Only allow what you need (HTTP, SSH, FTP, SMTP, DNS). Block everything you don't need (MySQL, IMAP, POP). Check with Nmap
  • 24. Apache security. Apache settings: ServerTokens Prod; ServerSignature Off; TraceEnable Off. Apache modules: mod_rewrite, mod_evasive, mod_antiloris, mod_security2
  • 25. PHP security (1 of 2). PHP settings: register_globals = Off; expose_php = Off; safe_mode = Off; magic_quotes = Off; allow_url_include = Off; allow_url_fopen = On???; open_basedir = [yoursite]???
  • 26. PHP security (2 of 2). PHP disable_functions: show_source; system, shell_exec, exec, passthru; popen, proc_open; phpinfo. PHP modules: Suhosin
  • 27. Too late ... maldet (malware detector); rkhunter (rootkit hunter); IDS (intrusion detection system): Tripwire, Samhain
  • 28. UNIX hacking ... the greatest game on the internet
  • 29. “Ignorance is bliss”: The Google Hacking Database makes it easy. SSL certificates are only secure if the SSL root-authority servers are. We trust TCP/IP to be fairly secure, but is it? (slowloris). When the C code of a rootkit is modified by a script kiddie, it is no longer detected by rootkit scanners - bummer, nobody knows if it's there
  • 30. docs.joomla.org/Security
  • 31. Any questions?
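The permission rules on slide 22 and the leftover-file list on slide 16, as an added shell example that is not part of the presentation: the script audits a document root for files that are not 644 and directories that are not 755, lists the distribution files slide 16 says to delete, and applies the recommended modes. The sample document root, its file names and the deliberate mistakes in it are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the slides: audit a Joomla! document root
# against two checklist items. Slide 22 wants files at 644 and directories
# at 755; slide 16 lists distribution files that should not stay on a
# production site. Every path below is constructed for the demo.

# Files slide 16 says to remove from a production site.
LEFTOVER_FILES="CHANGELOG.php CREDITS.php INSTALL.php configuration.php-dist htaccess.txt LICENSE.php LICENSES.php phpinfo.php"

# Count lines on stdin (avoids the leading whitespace BSD wc prints).
count_lines() {
    n=0
    while IFS= read -r _line; do n=$((n + 1)); done
    echo "$n"
}

# Print every file under $1 that is not 644 and every directory that is not 755.
find_bad_perms() {
    find "$1" -type f ! -perm 644 -print
    find "$1" -type d ! -perm 755 -print
}

# Number of entries find_bad_perms reports for $1.
count_bad_perms() { find_bad_perms "$1" | count_lines; }

# Apply the recommended modes: 755 for directories, 644 for files.
fix_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Print the slide-16 leftovers that exist directly under $1.
find_leftovers() {
    for f in $LEFTOVER_FILES; do
        if [ -e "$1/$f" ]; then printf '%s\n' "$1/$f"; fi
    done
}

count_leftovers() { find_leftovers "$1" | count_lines; }

# Build a constructed sample docroot with two deliberate permission mistakes
# (a world-writable images/ directory and a world-writable configuration.php)
# and three leftover distribution files. Prints the directory path.
make_sample_docroot() {
    d=$(mktemp -d)
    chmod 755 "$d"
    mkdir "$d/images" "$d/administrator"
    chmod 777 "$d/images"
    chmod 755 "$d/administrator"
    for f in index.php configuration.php htaccess.txt CHANGELOG.php phpinfo.php; do
        : > "$d/$f"
        chmod 644 "$d/$f"
    done
    chmod 666 "$d/configuration.php"
    echo "$d"
}

# Demo run: audit, fix, audit again, then clean up.
SAMPLE=$(make_sample_docroot)
echo "bad permissions before: $(count_bad_perms "$SAMPLE")"   # 2
echo "leftover files: $(count_leftovers "$SAMPLE")"           # 3
find_leftovers "$SAMPLE"
fix_perms "$SAMPLE"
echo "bad permissions after: $(count_bad_perms "$SAMPLE")"    # 0
rm -rf "$SAMPLE"
```

To audit a real site, call `find_bad_perms` and `find_leftovers` with the document root instead of the constructed sample, and only run `fix_perms` after checking that the web server user does not need write access to anything under that root (a site with an uploads or cache directory owned by the web server user needs those paths excluded).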
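The php.ini settings on slides 25 and 26, as an added shell example that is not part of the presentation: it reads a php.ini, requires the directives slide 25 lists to be explicitly Off, checks that every function on slide 26 appears in disable_functions, and only reports (without judging) the two settings the slide marks with question marks. The php.ini fragment is constructed for the demo and contains two deliberate deviations; the slide's shorthand magic_quotes is checked under the actual directive name magic_quotes_gpc.

```shell
#!/bin/sh
# Added example, not part of the slides: compare a php.ini with the settings
# on slides 25 and 26. The ini fragment in make_sample_ini is constructed.

# Directives slide 25 wants Off (magic_quotes on the slide is magic_quotes_gpc in php.ini).
EXPECT_OFF="register_globals expose_php safe_mode magic_quotes_gpc allow_url_include"

# Functions slide 26 wants listed in disable_functions.
EXPECT_DISABLED="show_source system shell_exec exec passthru popen proc_open phpinfo"

# Print the effective value of directive $2 in ini file $1: commented lines
# (';') are ignored, inline comments, quotes and whitespace are stripped,
# and the last assignment wins. Prints nothing when the directive is unset.
ini_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=//p" "$1" \
        | sed 's/;.*$//; s/"//g; s/^[[:space:]]*//; s/[[:space:]]*$//' \
        | tail -n 1
}

# Print one FAIL line per deviation from the slides and one NOTE line per
# setting the slide leaves open. Never fails, so it is safe under set -e.
audit_php_ini() {
    for k in $EXPECT_OFF; do
        v=$(ini_get "$1" "$k")
        case "$v" in
            Off|off|0) ;;
            "") printf 'FAIL: %s is not set (expected an explicit Off)\n' "$k" ;;
            *)  printf 'FAIL: %s = %s (expected Off)\n' "$k" "$v" ;;
        esac
    done
    dv=$(ini_get "$1" disable_functions | tr -d ' ')
    for f in $EXPECT_DISABLED; do
        case ",$dv," in
            *",$f,"*) ;;
            *) printf 'FAIL: disable_functions lacks %s\n' "$f" ;;
        esac
    done
    printf 'NOTE: allow_url_fopen = %s (slide leaves this open)\n' "$(ini_get "$1" allow_url_fopen)"
    printf 'NOTE: open_basedir = %s (slide leaves this open)\n' "$(ini_get "$1" open_basedir)"
    return 0
}

# Number of FAIL lines audit_php_ini reports for $1.
php_ini_findings() { audit_php_ini "$1" | grep -c '^FAIL' || true; }

# Constructed php.ini with two deliberate deviations: expose_php is On and
# phpinfo is missing from disable_functions. Prints the temp file path.
make_sample_ini() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
; constructed php.ini fragment for the demo
register_globals = Off
expose_php = On            ; deviation 1: advertises the PHP version in headers
safe_mode = Off
magic_quotes_gpc = Off
allow_url_include = Off
allow_url_fopen = On
open_basedir = "/var/www/example:/tmp"
disable_functions = "show_source,system,shell_exec,exec,passthru,popen,proc_open"
EOF
    echo "$f"
}

# Demo run against the constructed file.
INI=$(make_sample_ini)
audit_php_ini "$INI"
echo "findings: $(php_ini_findings "$INI")"   # 2
rm -f "$INI"
```

Against a real server, point `audit_php_ini` at the php.ini the web SAPI actually loads (the path printed as "Loaded Configuration File" by `php --ini` for the CLI may differ from the one Apache or PHP-FPM uses, so check the SAPI's own path). register_globals, safe_mode and magic_quotes_gpc no longer exist in current PHP releases, so on a modern installation the "not set" findings for those three are expected and can be ignored.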