Active security
for Joomla! sites
                    version 5.2
Mission: Impossible
Talking in-depth about Joomla! security in 30 minutes
or less... but I’ll try!
Put your pens away
Sit back and enjoy
A site is like a building


• Strong foundations
• Careful construction
• Active maintenance
Step 1: Strong foundations
Your server setup - Geeky stuff ahead!
Updated server software
PHP, MySQL, Apache, FTP Server...
mod_security for Apache
Your server’s security guard
You need some rules

Atomic (GotRoot) Rules:
http://www.atomicorp.com/wiki/index.php/Atomic_ModSecurity_Rules
OWASP Rules:
https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
Permissions & ownership
Who can do what and where
Sane ownership & permissions
All files and folders owned by the FTP user
Folders: 0755 permissions
Files: 0644 permissions
Use Joomla!’s FTP mode on shared hosts
Better yet, use suPHP or FastCGI
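
An audit of the ownership and permission scheme on this slide, as an added example that is not part of the original deck. The function names, the sample tree and its file names are constructed for illustration.

```python
import os
import shutil
import stat
import tempfile

DIR_MODE = 0o755   # folders, as stated on the slide
FILE_MODE = 0o644  # files, as stated on the slide


def audit_tree(root, owner_uid=None):
    """Return sorted (relative_path, problem) pairs for every entry under
    root that deviates from 0755/0644 or is not owned by owner_uid.
    The root directory itself is not checked."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)            # lstat: never follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue                   # a link's own mode bits are not meaningful
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            mode = stat.S_IMODE(st.st_mode)
            want = DIR_MODE if stat.S_ISDIR(st.st_mode) else FILE_MODE
            if mode & stat.S_IWOTH:
                # Any "other" write bit (0777, 0666, ...) is reported first.
                findings.append((rel, "world-writable (%04o)" % mode))
            elif mode != want:
                findings.append((rel, "mode %04o, expected %04o" % (mode, want)))
            if owner_uid is not None and st.st_uid != owner_uid:
                findings.append(
                    (rel, "owned by uid %d, expected %d" % (st.st_uid, owner_uid))
                )
    return sorted(findings)


def build_sample_tree():
    """Create a small constructed site tree with two deliberate deviations."""
    root = tempfile.mkdtemp(prefix="joomla-sample-")
    layout = [
        # (relative path, content or None for a folder, mode)
        ("administrator", None, 0o755),
        ("cache", None, 0o755),
        ("images", None, 0o777),                        # deviation: 777 folder
        ("configuration.php", b"<?php // constructed\n", 0o644),
        ("cache/page.html", b"<html></html>\n", 0o664),  # deviation: group-writable
        ("images/logo.png", b"constructed", 0o644),
    ]
    for rel, content, mode in layout:
        path = os.path.join(root, *rel.split("/"))
        if content is None:
            os.mkdir(path)
        else:
            with open(path, "wb") as fh:
                fh.write(content)
        os.chmod(path, mode)               # explicit chmod, independent of umask
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    try:
        # On a real site, pass the uid of the FTP user instead of os.getuid().
        for rel, problem in audit_tree(sample, owner_uid=os.getuid()):
            print("%-20s %s" % (rel, problem))
    finally:
        shutil.rmtree(sample)
```
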
Too much to remember?

Akeeba Backup User’s Guide, Security Information
https://www.akeebabackup.com/documentation/akeeba-backup-documentation/security-info.html
777: The number of the beast
http://www.dionysopoulos.me/blog/777-the-number-of-the-beast
Make it all happen
The magic script
https://github.com/betweenbrain/ubuntu-web-server-build-script
written by Matt Thomas (@betweenbrain)
Step 2: Careful construction
Your site setup
Update, yesterday
Joomla! & extensions
Think before installing
Don’t be the mouse in the trap!
Length matters
Your Password’s length matters
A terrifying thought
Password hacking super-computer: 2,700 USD
(2 years ago; much cheaper now)
How safe is your password?
Password                        Bits     Iterations  Time to crack
15082005                        13.6     12416       0.00038 msec
admin                           15.9     61147       0.00185 msec
ortrtaortftaaidbt               67.7     2.39E+20    228.95 years
0rtrTA0rtfTa&idbT               88.2     3.55E+26    340 million years
horse correct battery stapler   107.2    1.86E+32    178179 billion years
Lock it down
Nothing on my site runs unless I say so
.htaccess Rules

My Master .htaccess - FREE
http://akeeba.assembla.com/code/master-htaccess/git/nodes/htaccess.txt
Admin Tools Professional - 20€
https://www.akeebabackup.com/products/46-software/855-admintools.html
Armor up
Protect your site
Step 3: Active maintenance
Staying on top of it all
Backups
Frequent, automated, off-site backups
Monitor file changes
A changed file is usually a bad thing
Monitor it
Keep an eye on the logs
In spite of it all…
Dammit!
You got hacked, now what?
DON’T
PANIC
We’ve got instructions

Unhacking your site
https://www.akeebabackup.com/documentation/walkthroughs/item/1124-unhacking-your-site.html
You do have backups, right?
Make sure you read the instructions before getting hacked.
Questions?
SHAMELESS PLUG!
20% discount on all subscriptions
Use coupon code JD12PL
on https://www.AkeebaBackup.com/subscribe
“Quick! Snatch this presentation before I do!”
http://akeeba.info/asjd12pl
Thank you for listening!
Image credits: sxc.hu; istockphoto.com

Joomla! Day Poland 2012 - Active Security for Joomla! sites

Editor's Notes

  1. Scratches the surface
     Imperative everyone follows this advice
     Next: Me
  4. Make it harder, not impossible
  19. Whitepixel + cheap hardware
      Costs $2,800
      Breaks 33.1 billion passwords / second
      Next: sample pw
  20. All about entropy.
      Words stronger than random garbage
      There’s a catch. All words = 1 day. Add numbers/padding to increase entropy.
      Next: 777
  32. Ask your questions!
      Next: QR-Code
  34. Ask your questions!
      Next: QR-Code
  35. Thank you for listening
      THE END