Đang chuẩn bị liên kết để tải về tài liệu:
Bảo mật cho joomla part 11

Cấu tạo của vụ tấn công Mark Twain đã từng nói, "Chỉ có hai điều chắc chắn trong cái chết, cuộc sống và các loại thuế." Ngay cả trong an ninh web có hai điều chắc chắn: Đó không phải là "nếu bạn bị tấn công", nhưng "khi nào và như thế nào" trang web của bạn sẽ bị lợi dụng. | This material is copyright and is licensed for the sole use by Thomas Rosenblum on 4th December 2008 1010 SW High Ave. Topeka 66604 5 Anatomy of Attacks Mark Twain once said There are only two certainties in life death and taxes. Even in web security there are two certainties It s not if you are attacked but when and how your site will be taken advantage of. There are many types of attacks that can happen to a website and several volumes consisting of thousands of pages have been written about them. In this short chapter we will focus on two types of attacks that can occur to your Joomla website. The attacks are SQL Injections and Remote File Includes. The former though very nasty can be prevented in many cases but the latter is a more difficult one to stop altogether. So it is important that you are aware of them and know their signs. In this chapter we will take a very recently discovered vulnerability in a popular extension at the time of writing and demonstrate an SQL attack and its results. This chapter is not meant to be a comprehensive review of either of the attacks. It presents ONLY a cursory view. At the end of this chapter are listed several volumes that cover this topic in excruciating detail. This chapter is written rather lightly just to give you an idea of how these attacks work and some methods to prevent them from working. The objective here is to familiarize you with these and give you a sense of awareness. We will take a look at the following topics to see how each of these can impact you and what you can do to minimize their impact SQL Injections Remote File Includes What can be done about them This material is copyright and is licensed for the sole use by Thomas Rosenblum on 4th December 2008 1010 SW High Ave. Topeka 66604 Anatomy of Attacks Introduction There are several types of attacks that your Joomla site may be vulnerable to such as CSRF Buffer Overflows Blind SQL Injection Denial of Service and others that are yet to be found. SQL .