CMS security handbook [electronic resource] : the comprehensive guide for WordPress, Joomla!, Drupal, and Plone / Tom Canavan |
Author | Canavan Tom |
Edition | [1st edition] |
Publication/distribution/printing | Indianapolis, Ind. : Wiley Pub., c2011 |
Physical description | 1 online resource (434 p.) |
Discipline | 005.8 |
Topical subject | Computer networks - Security measures; Data protection; Web sites - Security measures |
ISBN | 1-283-39776-5; 9786613397768; 1-118-09174-4 |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents note |
CMS Security Handbook; Contents; Introduction; Chapter 1 Introduction to CMS Security and Operations; Target Acquired; Operational Considerations; Educating Your Employees and End Users; Raising Security Awareness; Training on Information Security Policies; Providing a Standard Protocol for Threat Reporting; Ensuring E-mail Security; Applying Patches and Updates; Being Aware and Staying Safe; Looking at Your Site Through the Eyes of a Hacker; Steps to Gaining Access to Your Site; Researching; Googling Away; Using Google Hacking Tools (Dorks); Footprinting; Using NMAP for Nefarious Means; Using Traceroute; Finding Subdomains; Enumeration; Attacking and Owning the Site; Wiping Out Their Tracks; Examples of Threats; Social Engineering; Calling into Your Office; Sending in a Trusted Friend; Using USB Keys; Indiscriminate Browsing or Instant Messaging; External Media; Vendors or External Clients/Customers as the Threat; Reviewing Your Perimeter; Using Virus Protection; Banning Passwords on Desks; Enforcing a Password Complexity and Change Policy; Policing Open Wireless; Tools for Wireless Detection; How Will You Respond to an Incident?; Does Your Plan Exist?; Is the Plan Up to Date?; Where Are Your Backup Tapes, Disks, and USBs?; Summary; Chapter 2 Choosing the Right Hosting Company; Types of Hosting Available; Shared Hosting; Virtual Private Server (VPS); Dedicated Server; Cloud Hosting; Security of Data in a Cloud; Selecting the Right Hosting Option; Budget Considerations; Determining the Appropriate Server Size; Case 1: Light Website Traffic (Shared Hosting); Case 2: Medium Website Traffic (VPS); Case 3: Heavy Website Traffic; Using Backups; What to Look for in Web Host Security; Physical Security; Glass Windows; Flooding; Signs; People; Dumpster Diving and Social Engineering; Breach Response; Terrorists; Access to Equipment; Water Detection; Fire Suppression; Emergency Procedures; Disaster Recovery and Business Continuity; Cyber Security; Firewalls and Intrusion Detection; Log File Auditing; Spam, Virus Scanning, and Prevention; Patching for Weaknesses; VoIP; Web Servers; Environmental Support; Network Redundancy; Electrical Service; Technical Support; Emergency Planning for the Host; Location of the Host's Data Center; Processes; Backups; Offsite Procedures; Accepting Credit Cards on Your Website; Understanding PCI; PCI Terminology; Becoming PCI Certified; Installing an SSL Certificate; Testing by ASV; Choosing a Shopping Cart; Storing Data Securely; PCI Vulnerability Management Plan; Avoiding Common ASV Testing Pitfalls; After Certification; Domain Name System Servers; Understanding DNS; Threats to DNS; DNS (Name Server) Failure; Zone Transfers; Lack of Patching DNS Servers; DNS Poisoning; Hosting Your Own Website Server; Getting Ready; Making Your Shopping List; Choosing an Operating System; Ensuring Security; Patching; Summary; Chapter 3 Preventing Problems Before They Start; Choosing an Appropriate CMS for Your Needs |
Record Nr. | UNINA-9910789334203321 |
Find it here: Univ. Federico II |
CMS security handbook [electronic resource] : the comprehensive guide for WordPress, Joomla!, Drupal, and Plone / Tom Canavan |
Author | Canavan Tom |
Edition | [1st edition] |
Publication/distribution/printing | Indianapolis, Ind. : Wiley Pub., c2011 |
Physical description | 1 online resource (434 p.) |
Discipline | 005.8 |
Topical subject | Computer networks - Security measures; Data protection; Web sites - Security measures |
ISBN | 1-283-39776-5; 9786613397768; 1-118-09174-4 |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents note |
CMS Security Handbook; Contents; Introduction; Chapter 1 Introduction to CMS Security and Operations; Target Acquired; Operational Considerations; Educating Your Employees and End Users; Raising Security Awareness; Training on Information Security Policies; Providing a Standard Protocol for Threat Reporting; Ensuring E-mail Security; Applying Patches and Updates; Being Aware and Staying Safe; Looking at Your Site Through the Eyes of a Hacker; Steps to Gaining Access to Your Site; Researching; Googling Away; Using Google Hacking Tools (Dorks); Footprinting; Using NMAP for Nefarious Means; Using Traceroute; Finding Subdomains; Enumeration; Attacking and Owning the Site; Wiping Out Their Tracks; Examples of Threats; Social Engineering; Calling into Your Office; Sending in a Trusted Friend; Using USB Keys; Indiscriminate Browsing or Instant Messaging; External Media; Vendors or External Clients/Customers as the Threat; Reviewing Your Perimeter; Using Virus Protection; Banning Passwords on Desks; Enforcing a Password Complexity and Change Policy; Policing Open Wireless; Tools for Wireless Detection; How Will You Respond to an Incident?; Does Your Plan Exist?; Is the Plan Up to Date?; Where Are Your Backup Tapes, Disks, and USBs?; Summary; Chapter 2 Choosing the Right Hosting Company; Types of Hosting Available; Shared Hosting; Virtual Private Server (VPS); Dedicated Server; Cloud Hosting; Security of Data in a Cloud; Selecting the Right Hosting Option; Budget Considerations; Determining the Appropriate Server Size; Case 1: Light Website Traffic (Shared Hosting); Case 2: Medium Website Traffic (VPS); Case 3: Heavy Website Traffic; Using Backups; What to Look for in Web Host Security; Physical Security; Glass Windows; Flooding; Signs; People; Dumpster Diving and Social Engineering; Breach Response; Terrorists; Access to Equipment; Water Detection; Fire Suppression; Emergency Procedures; Disaster Recovery and Business Continuity; Cyber Security; Firewalls and Intrusion Detection; Log File Auditing; Spam, Virus Scanning, and Prevention; Patching for Weaknesses; VoIP; Web Servers; Environmental Support; Network Redundancy; Electrical Service; Technical Support; Emergency Planning for the Host; Location of the Host's Data Center; Processes; Backups; Offsite Procedures; Accepting Credit Cards on Your Website; Understanding PCI; PCI Terminology; Becoming PCI Certified; Installing an SSL Certificate; Testing by ASV; Choosing a Shopping Cart; Storing Data Securely; PCI Vulnerability Management Plan; Avoiding Common ASV Testing Pitfalls; After Certification; Domain Name System Servers; Understanding DNS; Threats to DNS; DNS (Name Server) Failure; Zone Transfers; Lack of Patching DNS Servers; DNS Poisoning; Hosting Your Own Website Server; Getting Ready; Making Your Shopping List; Choosing an Operating System; Ensuring Security; Patching; Summary; Chapter 3 Preventing Problems Before They Start; Choosing an Appropriate CMS for Your Needs |
Record Nr. | UNINA-9910824782203321 |
Find it here: Univ. Federico II |
Developer's guide to web application security [electronic resource] / Michael Cross |
Author | Cross Michael |
Publication/distribution/printing | Rockland, MA : Syngress Publishing, c2007 |
Physical description | 1 online resource (513 p.) |
Discipline | 005.8 |
Topical subject | Computer networks - Security measures; Computer security; Web sites - Security measures |
Genre/form subject | Electronic books. |
ISBN | 1-281-06021-6; 9786611060213; 0-08-050409-4 |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents note |
Front Cover; Developer's Guide to Web Application Security; Copyright Page; Contents; Chapter 1. Hacking Methodology; Introduction; A Brief History of Hacking; What Motivates a Hacker?; Understanding Current Attack Types; Recognizing Web Application Security Threats; Preventing Break-Ins by Thinking like a Hacker; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 2. How to Avoid Becoming a Code Grinder; Introduction; What Is a Code Grinder?; Thinking Creatively when Coding; Security from the Perspective of a Code Grinder; Building Functional and Secure Web Applications; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 3. Understanding the Risk Associated with Mobile Code; Introduction; Recognizing the Impact of Mobile Code Attacks; Identifying Common Forms of Mobile Code; Protecting Your System from Mobile Code Attacks; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 4. Vulnerable CGI Scripts; Introduction; What Is a CGI Script, and What Does It Do?; Break-Ins Resulting from Weak CGI Scripts; Languages for Writing CGI Scripts; Advantages of Using CGI Scripts; Rules for Writing Secure CGI Scripts; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 5. Hacking Techniques and Tools; Introduction; A Hacker's Goals; The Five Phases of Hacking; Defacing Web Sites; Social Engineering; The Intentional "Back Door" Attack; Exploiting Inherent Weaknesses in Code or Programming Environments; The Tools of the Trade; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 6. Code Auditing and Reverse Engineering; Introduction; How to Efficiently Trace through a Program; Auditing and Reviewing Selected Programming Languages; Looking for Vulnerabilities; Pulling It All Together; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 7. Securing Your Java Code; Introduction; Overview of the Java Security Architecture; How Java Handles Security; Potential Weaknesses in Java; Coding Functional but Secure Java Applets; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 8. Securing XML; Introduction; Defining XML; Creating Web Applications Using XML; The Risks Associated with Using XML; Securing XML; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 9. Building Safe ActiveX Internet Controls; Introduction; Dangers Associated with Using ActiveX; Methodology for Writing Safe ActiveX Controls; Securing ActiveX Controls; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 10. Securing ColdFusion; Introduction; How Does ColdFusion Work?; Preserving ColdFusion Security; ColdFusion Application Processing; Risks Associated with Using ColdFusion; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 11. Developing Security-Enabled Applications; Introduction; The Benefits of Using Security-Enabled Applications; Types of Security Used in Applications; Reviewing the Basics of PKI; Using PKI to Secure Web Applications |
Record Nr. | UNINA-9910450883603321 |
Find it here: Univ. Federico II |
Developer's guide to web application security [electronic resource] / Michael Cross |
Author | Cross Michael |
Publication/distribution/printing | Rockland, MA : Syngress Publishing, c2007 |
Physical description | 1 online resource (513 p.) |
Discipline | 005.8 |
Topical subject | Computer networks - Security measures; Computer security; Web sites - Security measures |
ISBN | 1-281-06021-6; 9786611060213; 0-08-050409-4 |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents note |
Front Cover; Developer's Guide to Web Application Security; Copyright Page; Contents; Chapter 1. Hacking Methodology; Introduction; A Brief History of Hacking; What Motivates a Hacker?; Understanding Current Attack Types; Recognizing Web Application Security Threats; Preventing Break-Ins by Thinking like a Hacker; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 2. How to Avoid Becoming a Code Grinder; Introduction; What Is a Code Grinder?; Thinking Creatively when Coding; Security from the Perspective of a Code Grinder; Building Functional and Secure Web Applications; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 3. Understanding the Risk Associated with Mobile Code; Introduction; Recognizing the Impact of Mobile Code Attacks; Identifying Common Forms of Mobile Code; Protecting Your System from Mobile Code Attacks; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 4. Vulnerable CGI Scripts; Introduction; What Is a CGI Script, and What Does It Do?; Break-Ins Resulting from Weak CGI Scripts; Languages for Writing CGI Scripts; Advantages of Using CGI Scripts; Rules for Writing Secure CGI Scripts; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 5. Hacking Techniques and Tools; Introduction; A Hacker's Goals; The Five Phases of Hacking; Defacing Web Sites; Social Engineering; The Intentional "Back Door" Attack; Exploiting Inherent Weaknesses in Code or Programming Environments; The Tools of the Trade; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 6. Code Auditing and Reverse Engineering; Introduction; How to Efficiently Trace through a Program; Auditing and Reviewing Selected Programming Languages; Looking for Vulnerabilities; Pulling It All Together; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 7. Securing Your Java Code; Introduction; Overview of the Java Security Architecture; How Java Handles Security; Potential Weaknesses in Java; Coding Functional but Secure Java Applets; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 8. Securing XML; Introduction; Defining XML; Creating Web Applications Using XML; The Risks Associated with Using XML; Securing XML; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 9. Building Safe ActiveX Internet Controls; Introduction; Dangers Associated with Using ActiveX; Methodology for Writing Safe ActiveX Controls; Securing ActiveX Controls; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 10. Securing ColdFusion; Introduction; How Does ColdFusion Work?; Preserving ColdFusion Security; ColdFusion Application Processing; Risks Associated with Using ColdFusion; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 11. Developing Security-Enabled Applications; Introduction; The Benefits of Using Security-Enabled Applications; Types of Security Used in Applications; Reviewing the Basics of PKI; Using PKI to Secure Web Applications |
Record Nr. | UNINA-9910784271203321 |
Find it here: Univ. Federico II |
Developer's guide to web application security [electronic resource] / Michael Cross |
Author | Cross Michael |
Publication/distribution/printing | Rockland, MA : Syngress Publishing, c2007 |
Physical description | 1 online resource (513 p.) |
Discipline | 005.8 |
Topical subject | Computer networks - Security measures; Computer security; Web sites - Security measures |
ISBN | 1-281-06021-6; 9786611060213; 0-08-050409-4 |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents note |
Front Cover; Developer's Guide to Web Application Security; Copyright Page; Contents; Chapter 1. Hacking Methodology; Introduction; A Brief History of Hacking; What Motivates a Hacker?; Understanding Current Attack Types; Recognizing Web Application Security Threats; Preventing Break-Ins by Thinking like a Hacker; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 2. How to Avoid Becoming a Code Grinder; Introduction; What Is a Code Grinder?; Thinking Creatively when Coding; Security from the Perspective of a Code Grinder; Building Functional and Secure Web Applications; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 3. Understanding the Risk Associated with Mobile Code; Introduction; Recognizing the Impact of Mobile Code Attacks; Identifying Common Forms of Mobile Code; Protecting Your System from Mobile Code Attacks; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 4. Vulnerable CGI Scripts; Introduction; What Is a CGI Script, and What Does It Do?; Break-Ins Resulting from Weak CGI Scripts; Languages for Writing CGI Scripts; Advantages of Using CGI Scripts; Rules for Writing Secure CGI Scripts; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 5. Hacking Techniques and Tools; Introduction; A Hacker's Goals; The Five Phases of Hacking; Defacing Web Sites; Social Engineering; The Intentional "Back Door" Attack; Exploiting Inherent Weaknesses in Code or Programming Environments; The Tools of the Trade; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 6. Code Auditing and Reverse Engineering; Introduction; How to Efficiently Trace through a Program; Auditing and Reviewing Selected Programming Languages; Looking for Vulnerabilities; Pulling It All Together; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 7. Securing Your Java Code; Introduction; Overview of the Java Security Architecture; How Java Handles Security; Potential Weaknesses in Java; Coding Functional but Secure Java Applets; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 8. Securing XML; Introduction; Defining XML; Creating Web Applications Using XML; The Risks Associated with Using XML; Securing XML; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 9. Building Safe ActiveX Internet Controls; Introduction; Dangers Associated with Using ActiveX; Methodology for Writing Safe ActiveX Controls; Securing ActiveX Controls; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 10. Securing ColdFusion; Introduction; How Does ColdFusion Work?; Preserving ColdFusion Security; ColdFusion Application Processing; Risks Associated with Using ColdFusion; Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 11. Developing Security-Enabled Applications; Introduction; The Benefits of Using Security-Enabled Applications; Types of Security Used in Applications; Reviewing the Basics of PKI; Using PKI to Secure Web Applications |
Record Nr. | UNINA-9910815139603321 |
Find it here: Univ. Federico II |
Joomla! web security [electronic resource] : secure your Joomla! website from common security threats with this easy-to-use guide / Tom Canavan |
Author | Canavan Tom |
Publication/distribution/printing | Birmingham, U.K. : Packt Pub., c2008 |
Physical description | 1 online resource (264 p.) |
Discipline | 005.8 |
Series | From technologies to solutions |
Topical subject | Web sites - Security measures; Computer networks - Security measures; Web sites - Authoring programs; Web site development |
Genre/form subject | Electronic books. |
ISBN | 1-281-85616-9; 9786611856168; 1-84719-489-3 |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents note |
Cover; Table of Contents; Preface; Chapter 1: Let's Get Started; Introduction; Common Terminology; Hosting-Selection and Unique Needs; What Is a Host?; Choosing a Host; Questions to Ask a Prospective Host; Facilities; Things to Ask Your Host about Facility Security; Environmental Questions about the Facility; Site Monitoring and Protection; Patching and Security; Shared Hosting; Dedicated Hosting; Architecting for a Successful Site; What Is the Purpose of Your Site?; Eleven Steps to Successful Site Architecture; Downloading Joomla!; Settings; .htaccess; Permissions; User Management; Common Trip Ups; Failure to Check Vulnerability List First; Register Globals, Again; Permissions; Poor Documentation; Got Backups?; Setting Up Security Metrics; Summary; Chapter 2: Test and Development; Welcome to the Laboratory!; Test and Development Environment; What Does This Have to Do with Security?; The Evil Hamster Wheel of Upgrades; Determine the Need for Upgrade; Developing Your Test Plan; Essential Parameters for a Successful Test; Using Your Test and Development Site for Disaster Planning; Updating Your Disaster Recovery Documentation; Make DR Testing a Part of Your Upgrade/Rollout Cycle; Crafting Good Documentation; Using a Software Development Management System; Tour of Lighthouse from Artifact Software; Reporting; Using the Ravenswood Joomla! Server; Roll-out; Summary; Chapter 3: Tools; Introduction; Tools, Tools, and More Tools; HISA; Installation Check; Web-Server Environment; Required Settings for Joomla!; Recommended Settings; Joomla Tools Suite with Services; How's Our Health?; NMAP-Network Mapping Tool from insecure.org; Wireshark; Metasploit-The Penetration Testers Tool Set; Nessus Vulnerability Scanner; Why You Need Nessus; Summary; Chapter 4: Vulnerabilities; Introduction; Importance of Patching is Paramount; What is a Vulnerability?; Memory Corruption Vulnerabilities; SQL Injections; Command Injection Attacks; Attack Example; Why do Vulnerabilities Exist?; What Can be Done to Prevent Vulnerabilities?; Developers; Poor Testing and Planning; Forbidden; Improper Variable Sanitization and Dangerous Inputs; Not Testing in a Broad Enough Environment; Testing for Various Versions of SQL; Interactions with Other Third-Party Extensions; End Users; Social Engineering; Poor Patching and Updating; Summary; Chapter 5: Anatomy of Attacks; Introduction; SQL Injections; Testing for SQL Injections; A Few Methods to Prevent SQL Injections; And According to PHP.NET; Remote File Includes; The Most Basic Attempt; What Can We Do to Stop This?; Preventing RFI Attacks; Summary; Chapter 6: How the Bad Guys Do It; Laws on the Books; Acquiring Target; Sizing up the Target; Vulnerability Tools; Nessus; Nikto: An Open-Source Vulnerability Scanner; Acunetix; NMAP; Wireshark; Ping Sweep; Firewalk; Angry IP Scanner; Digital Graffiti versus Real Attacks; Finding Targets to Attack; What Do I Do Then?; Countermeasures |
Record Nr. | UNINA-9910454558203321 |
Find it here: Univ. Federico II |
Joomla! web security [electronic resource] : secure your Joomla! website from common security threats with this easy-to-use guide / Tom Canavan |
Author | Canavan Tom |
Publication/distribution/printing | Birmingham, U.K. : Packt Pub., c2008 |
Physical description | 1 online resource (264 p.) |
Discipline | 005.8 |
Series | From technologies to solutions |
Topical subject | Web sites - Security measures; Computer networks - Security measures; Web sites - Authoring programs; Web site development |
ISBN | 1-281-85616-9; 9786611856168; 1-84719-489-3 |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents note |
Cover; Table of Contents; Preface; Chapter 1: Let's Get Started; Introduction; Common Terminology; Hosting-Selection and Unique Needs; What Is a Host?; Choosing a Host; Questions to Ask a Prospective Host; Facilities; Things to Ask Your Host about Facility Security; Environmental Questions about the Facility; Site Monitoring and Protection; Patching and Security; Shared Hosting; Dedicated Hosting; Architecting for a Successful Site; What Is the Purpose of Your Site?; Eleven Steps to Successful Site Architecture; Downloading Joomla!; Settings; .htaccess; Permissions; User Management; Common Trip Ups; Failure to Check Vulnerability List First; Register Globals, Again; Permissions; Poor Documentation; Got Backups?; Setting Up Security Metrics; Summary; Chapter 2: Test and Development; Welcome to the Laboratory!; Test and Development Environment; What Does This Have to Do with Security?; The Evil Hamster Wheel of Upgrades; Determine the Need for Upgrade; Developing Your Test Plan; Essential Parameters for a Successful Test; Using Your Test and Development Site for Disaster Planning; Updating Your Disaster Recovery Documentation; Make DR Testing a Part of Your Upgrade/Rollout Cycle; Crafting Good Documentation; Using a Software Development Management System; Tour of Lighthouse from Artifact Software; Reporting; Using the Ravenswood Joomla! Server; Roll-out; Summary; Chapter 3: Tools; Introduction; Tools, Tools, and More Tools; HISA; Installation Check; Web-Server Environment; Required Settings for Joomla!; Recommended Settings; Joomla Tools Suite with Services; How's Our Health?; NMAP-Network Mapping Tool from insecure.org; Wireshark; Metasploit-The Penetration Testers Tool Set; Nessus Vulnerability Scanner; Why You Need Nessus; Summary; Chapter 4: Vulnerabilities; Introduction; Importance of Patching is Paramount; What is a Vulnerability?; Memory Corruption Vulnerabilities; SQL Injections; Command Injection Attacks; Attack Example; Why do Vulnerabilities Exist?; What Can be Done to Prevent Vulnerabilities?; Developers; Poor Testing and Planning; Forbidden; Improper Variable Sanitization and Dangerous Inputs; Not Testing in a Broad Enough Environment; Testing for Various Versions of SQL; Interactions with Other Third-Party Extensions; End Users; Social Engineering; Poor Patching and Updating; Summary; Chapter 5: Anatomy of Attacks; Introduction; SQL Injections; Testing for SQL Injections; A Few Methods to Prevent SQL Injections; And According to PHP.NET; Remote File Includes; The Most Basic Attempt; What Can We Do to Stop This?; Preventing RFI Attacks; Summary; Chapter 6: How the Bad Guys Do It; Laws on the Books; Acquiring Target; Sizing up the Target; Vulnerability Tools; Nessus; Nikto: An Open-Source Vulnerability Scanner; Acunetix; NMAP; Wireshark; Ping Sweep; Firewalk; Angry IP Scanner; Digital Graffiti versus Real Attacks; Finding Targets to Attack; What Do I Do Then?; Countermeasures |
Record Nr. | UNINA-9910777901703321 |
Find it here: Univ. Federico II |
Joomla! web security : secure your Joomla! website from common security threats with this easy-to-use guide / Tom Canavan |
Author | Canavan Tom |
Edition | [1st ed.] |
Publication/distribution/printing | Birmingham, U.K. : Packt Pub., c2008 |
Physical description | 1 online resource (264 p.) |
Discipline | 005.8 |
Series | From technologies to solutions |
Topical subject | Web sites - Security measures; Computer networks - Security measures; Web sites - Authoring programs; Web site development |
ISBN | 1-281-85616-9; 9786611856168; 1-84719-489-3 |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents note |
Cover; Table of Contents; Preface; Chapter 1: Let's Get Started; Introduction; Common Terminology; Hosting-Selection and Unique Needs; What Is a Host?; Choosing a Host; Questions to Ask a Prospective Host; Facilities; Things to Ask Your Host about Facility Security; Environmental Questions about the Facility; Site Monitoring and Protection; Patching and Security; Shared Hosting; Dedicated Hosting; Architecting for a Successful Site; What Is the Purpose of Your Site?; Eleven Steps to Successful Site Architecture; Downloading Joomla!; Settings; .htaccess; Permissions; User Management; Common Trip Ups; Failure to Check Vulnerability List First; Register Globals, Again; Permissions; Poor Documentation; Got Backups?; Setting Up Security Metrics; Summary; Chapter 2: Test and Development; Welcome to the Laboratory!; Test and Development Environment; What Does This Have to Do with Security?; The Evil Hamster Wheel of Upgrades; Determine the Need for Upgrade; Developing Your Test Plan; Essential Parameters for a Successful Test; Using Your Test and Development Site for Disaster Planning; Updating Your Disaster Recovery Documentation; Make DR Testing a Part of Your Upgrade/Rollout Cycle; Crafting Good Documentation; Using a Software Development Management System; Tour of Lighthouse from Artifact Software; Reporting; Using the Ravenswood Joomla! Server; Roll-out; Summary; Chapter 3: Tools; Introduction; Tools, Tools, and More Tools; HISA; Installation Check; Web-Server Environment; Required Settings for Joomla!; Recommended Settings; Joomla Tools Suite with Services; How's Our Health?; NMAP-Network Mapping Tool from insecure.org; Wireshark; Metasploit-The Penetration Testers Tool Set; Nessus Vulnerability Scanner; Why You Need Nessus; Summary; Chapter 4: Vulnerabilities; Introduction; Importance of Patching is Paramount; What is a Vulnerability?; Memory Corruption Vulnerabilities; SQL Injections; Command Injection Attacks; Attack Example; Why do Vulnerabilities Exist?; What Can be Done to Prevent Vulnerabilities?; Developers; Poor Testing and Planning; Forbidden; Improper Variable Sanitization and Dangerous Inputs; Not Testing in a Broad Enough Environment; Testing for Various Versions of SQL; Interactions with Other Third-Party Extensions; End Users; Social Engineering; Poor Patching and Updating; Summary; Chapter 5: Anatomy of Attacks; Introduction; SQL Injections; Testing for SQL Injections; A Few Methods to Prevent SQL Injections; And According to PHP.NET; Remote File Includes; The Most Basic Attempt; What Can We Do to Stop This?; Preventing RFI Attacks; Summary; Chapter 6: How the Bad Guys Do It; Laws on the Books; Acquiring Target; Sizing up the Target; Vulnerability Tools; Nessus; Nikto: An Open-Source Vulnerability Scanner; Acunetix; NMAP; Wireshark; Ping Sweep; Firewalk; Angry IP Scanner; Digital Graffiti versus Real Attacks; Finding Targets to Attack; What Do I Do Then?; Countermeasures |
Record Nr. | UNINA-9910813826203321 |
Find it here: Univ. Federico II |
Practical cryptology and web security / P. K. Yuen |
Author | Yuen P. K. |
Edition | [1st ed.] |
Publication/distribution/printing | Harlow, England : Pearson Education Limited, [2006] |
Physical description | 1 online resource (882 pages) : illustrations |
Discipline | 005.82 |
Topical subject | Cryptography; Web sites - Security measures |
ISBN | 1-281-06476-9; 9786611064761; 1-4058-9055-X |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Record Nr. | UNINA-9910154651903321 |
Find it here: Univ. Federico II |
Safety of web applications : risks, encryption and handling vulnerabilities with PHP / Eric Quinton |
Author | Quinton Eric |
Publication/distribution/printing | London, [England] ; Oxford, [England] : ISTE Press : Elsevier, 2017 |
Physical description | 1 online resource (226 pages) |
Discipline | 005.8 |
Topical subject | Computer networks - Security measures; Web sites - Security measures; PHP (Computer program language) |
ISBN | 0-08-102362-6 |
Format | Printed material |
Bibliographic level | Monograph |
Language of publication | eng |
Contents note | Why Do Web Applications Need to be Secure? What is a web application? ; What is computer security? ; Examples of damage caused by security failures -- Estimating Risk. What is risk? ; How can we protect ourselves from risk? ; Determining the target ; Determining the impact ; Which causes or scenarios should be considered? ; How should this study be performed in a company setting? -- Encryption and Web Server Configuration. Examples of different web servers ; Introduction to concepts in encryption ; Generating and managing encryption certificates ; Implementing the HTTPS protocol ; Improving the security of the Apache server -- Threats and Protecting Against Them. The threats associated with web-based environments ; The top 10 most frequent attacks in 2013 ; Other countermeasures ; Implementing a resource controller -- Managing User Logins and Assigning Permissions. Managing user logins ; Managing permissions -- Using the MVC model to structure the application. Why does the application structure matter? ; What is the MVC model? ; Conclusion -- Implementing a Suitable Technical Platform and Testing the Application. Designing a suitable technical architecture ; Testing the security of the application ; What options do we have if implementing security measures for an application seems an impossible task? |
Record Nr. | UNINA-9910583028303321 |
Find it here: Univ. Federico II |