RSS Feed
Twitter
Product Description
In Detail Joomla! is one of the most powerful open-source content management systems used to build websites and other powerful online applications. While Joomla! itself is inherently safe, misconfigurations, vulnerable components, poorly configured hosts, and weak passwords can all contribute to the downfall of your site. So, you need to know how to secure your website from security threats. Today every website needs to take security into consideration. Usi… More >>
Posted in 
Tags: .gif)
Given joomla’s intended audience, I’m sure there are a lot of inexperienced users that will benefit greatly from this book. Basically gives you an overview of the concepts and programs you’ll need to have a security plan in place as a small developer (imo joomla’s main user base.)
Experienced Joomla developers can likely still get a thing or two out of reading it, though nothing contained herein should be a surprise (if you consider yourself experienced at least). Discussions on documentation and formulation of emergency plans & procedures are useful because it’s perhaps something many self-taught/employed people are likely to be lacking. Quick enough that it’s not at all a wasted read for me, and I learned about a few security tools that are joomla specific I wasn’t otherwise aware of. In fact it sits on my shelf with other books to serve as a reference should I need it (which is to say it’s useful enough it’s not at the used book store.)
Rating: 3 / 5
I had commissioned a Joolma website and thought the writer had made it secure. After it was hacked and doing some research, I discovered that he had done little to make it secure.
So I got a copy of this book. After reading it, I confess that I am disappointed.
Halfway though I was just about to throw it out. But lucky I stuck though it as it got much better towards the end. There are some good point and some interesting software discussed.
Overall there is little useful. If you are a novice there is little you can use as it does not explain step by step how to do it, if you are an expert there is little new. For an experienced hacker it might be useful as it does review some software that could be useful.
I will use it as an occasional reference but that is all.
Rating: 3 / 5
I am a member of the New York Joomla group and a just love Joomla.
This is “a must” read book for all people that care about the security of a website. The book offers an excellent primer on basic web-security. It is written for the person who has not yet mastered the skills needed to properly secure a website.
For the Joomla user it covers many issues specific to the Joomla versions 1.0.x and 1.5.x. The book is written in simple language so that a non-tech person can understand the concepts. As a skilled and experienced Joomla user and host provider, I found many tips that can help me in monitoring the security of systems I administer.
The coverage of tools available and the appendix is alone worth the price alone.
Too often server and site security is not appreciated. Because of the simplicity of setting up a website, it is often assumed that everything is secure. That is not the case and the person managing a website needs to know what to look for. The coverage of the less obvious of security issues when two secure extensions cause a breach is excellent.
Again I would make this required reading for any person running Joomla.
Rating: 5 / 5
I got the book a few weeks ago. For a Joomla! newbie the book gives some pretty cool advice. I liked the fact that it not only discusses Joomla! but also how to choose and secure the server it is hosted on.
From php.ini to .htaccess to fighting SQL injections, this book has it all. And it’s a nice read too. I liked Tom Canavan’s writing style. For a technical book, this is really entertaining.
Rating: 5 / 5
As an administrator of Greece’s biggest Joomla! forum over the past three years (forum.joomla.gr), I was always shocked to see how light-heartedly web security was deferred to the Greek Calends not only by young Joomla! enthusiasts who simply wanted to set up their own place on the web but also by website developers who had to get the job finished and delivered to their unaware clients as soon as possible. Then, some day a bug would be discovered in Joomla!’s core code or one of its extensions, sites would be defaced, data would be lost and a long list of messages starting with “HELP!” would appear on our forum. Once a fix was released, the sites were restored, and everything was back in order, interest in web security would drop back to nil until the next server was compromised.
No matter whether you are developing your own website, whether somebody else has developed your website for your, or whether you are a professional website administrator that has always been interested in but scared of web security concepts, it’s high time you got out of this vicious circle. Tom Canavan’s Joomla! Web Security is here to help you do just that: set up a security framework and a work cycle that will help you stand your ground on the web.
Actually, I find this book’s title a bit misleading as it would make one think that it is all about Joomla! and that it would be completely irrelevant to anybody running a website that is based on Drupal, XOOP or any other of the PHP-based Content Management Systems that are available to the open source community. It is not! Only few of its pages contain information that could be relevant to Joomla! website implementations alone. Most of it is packed with sound advice, useful tips, and business strategies that can be applied to any website that uses PHP on an apache server, i.e. the most popular server configuration on the web today.
Joomla! Web Security starts with rudimentary issues such as the criteria you should have in mind when choosing a host for your website, the pros and cons of different hosting plans as far as security is concerned, and how to set up a secure Joomla! website with minimum fuss. If you thought that a test and development environment would only be of interest to PHP application developers, you will have to think again as Tom explains why you should realize that you need one and how you should go about setting it up locally. Once a website is up and running, any administrator with a certain amount of sense in him (or her) would need a set of tools to monitor and manage it. Chapter 3 presents a set of Joomla!-oriented and generic security tools such as JCheck and Nmap that help network and website administrators around the world safeguard their handiwork.
Since this book is all about protecting yourselves and the websites you run from outsiders and their eagerness to attack you, getting acquainted with their tricks and tactics is an asset any website administrator could not do without. Having that in mind, it is an advantage to have three chapters of Joomla! Web Security devoted to identifying vulnerabilities, attack analysis and hacking strategies based on real world incidents from the author’s experience. Of course, the sixty pages covered by these three chapters can only scratch the surface of a huge topic on which volumes of books have been written. Nevertheless, they constitute a comprehensive though short introduction to the subject of exploits and hacking attacks and should be taken as pointers to further reading.
Chapters 7 and 8 tackle the dark arts of fine tuning your .htaccess and php.ini files as well as reading, understanding and acting upon the entries of your log files. It would have been nice if chapter 7, in particular, were a bit more extended as it moves too swiftly from simple notions to complex rules that could baffle the reader. Every .htaccess rule is exemplified satisfactorily but, in compliance with the general practice of publicizing such tricks on various hacking websites around the net, their analysis seems to aim mainly at allowing the reader to copy them successfully and use them in his/her website rather than thoroughly understand what s/he is doing and how s/he is accomplishing it.
Finally, the two last chapters cover SSL and its integration into Joomla! as well as how one should react if, despite his or her best efforts, his/her website is compromised. Though these last chapters might seem to be written with corporate working environments in mind, they contain excellent advice that could be adapted and implemented even by small companies or freelancers that want to be able to keep their composure even when they find themselves in dire straights. Joomla! Web Security ends with an appendix that summarizes and acts as a reference to a lot of the information found in the book.
All in all, Tom Canavan’s Joomla! Web Security is a must-read for all Joomla! (and non-Joomla!) website administrators that are (or, rather, should be) concerned about the security of their website and the data stored therein. Those readers that had never before considered the security problems raised by their decision to publish a site on the web will find that the book offers them solid ground on which to start building their website defenses against intruders. On the other hand, experienced website administrators could use this book as a collection of security must-dos that they should go through each time they build or start managing a website.
Rating: 5 / 5