SlideShare uma empresa Scribd logo

Joomla! Day Poland 2012 - Active Security for Joomla! sites

Transferir como KEY, PDF
Nicholas Dionysopoulos
Nicholas Dionysopoulos
TecnologiaDesign
1 de 35
Active security for Joomla! sites version 5.2
Mission: Impossible Talking in-depth about Joomla! security in 30 minutes or less... but I’ll try!
Put your pens away Sit back and enjoy
A site is like a building • Strong foundations • Careful construction • Active maintenance
Step 1: Strong foundations Your server setup - Geeky stuff ahead!
Updated server software PHP, MySQL, Apache, FTP Server...
mod_security for Apache Your server’s security guard
You need some rules Atomic (GotRoot) Rules: http://www.atomicorp.com/wiki/index.php/ Atomic_ModSecurity_Rules OWASP Rules: https://www.owasp.org/index.php/ Category:OWASP_ModSecurity_Core_Rule_Set_Projec t
Permissions & ownership Who can do what and where
Sane ownership & permissions All files and folders owned by the FTP user Folders: 0755 permissions Files: 0644 permissions Use Joomla!’s FTP mode on shared hosts Better yet, use suPHP or FastCGI
Too much to remember? Akeeba Backup User’s Guide, Security Information https://www.akeebabackup.com/documentation/ akeeba-backup-documentation/security-info.html 777: The number of the beast http://www.dionysopoulos.me/blog/777-the-number- of-the-beast
Make it all happen The magic script
https://github.com/betweenbrain/ubuntu-web- server-build-script written by Matt Thomas (@betweenbrain)
Step 2: Careful construction Your site setup
Update, yesterday Joomla! & extensions
Think before installing Don’t be the mouse in the trap!
Length matters
Your Password’s length matters
A terrifying thought Password hacking super-computer: 2,700 USD (2 years ago; much cheaper now)
How safe is your password? Password Bits Iterations Time to crack 15082005 13.6 12416 0.00038 msec admin 15.9 61147 0.00185 msec ortrtaortftaaidbt 67.7 2.39E+20 228.95 years 0rtrTA0rtfTa&idbT 88.2 3.55E+26 340 million years horse correct battery stapler 107.2 1.86E+32 178179 billion years
Lock it down Nothing on my site runs unless I say so
.htaccess Rules My Master .htaccess - FREE http://akeeba.assembla.com/code/master-htaccess/ git/nodes/htaccess.txt Admin Tools Professional - 20€ https://www.akeebabackup.com/products/46- software/855-admintools.html
Armor up Protect your site
Step 3: Active maintenance Staying on top of it all
Backups Frequent, automated, off-site backups
Monitor file changes A changed file is usually a bad thing
Monitor it Keep an eye on the logs
In spite of it all…
Dammit! You got hacked, now what?
DON’T PANIC
We’ve got instructions Unhacking your site https://www.akeebabackup.com/documentation/ walkthroughs/item/1124-unhacking-your-site.html You do have backups, right? Make sure you read the instructions before getting hacked.
Questions?
LE SS ME ! HA UG S PL 20% discount on all subscriptions Use coupon code JD12PL on https://www.AkeebaBackup.com/subscribe
“Quick! Snatch this presentation before I do!” http://akeeba.info/asjd12pl
Thank you for listening! Image credits: sxc.hu; istockphoto.com

Recomendados

Config websocket on apache
Config websocket on apacheConfig websocket on apache
Config websocket on apachebaran19901990
 
Testando JavaScript com Spock
Testando JavaScript com SpockTestando JavaScript com Spock
Testando JavaScript com SpockIsmael
 
PagerDuty | OSCON 2016 Failure Testing
PagerDuty | OSCON 2016 Failure TestingPagerDuty | OSCON 2016 Failure Testing
PagerDuty | OSCON 2016 Failure TestingPagerDuty
 
High Performance Web Sites
High Performance Web SitesHigh Performance Web Sites
High Performance Web SitesRavi Raj
 
INSTALLION OF BI
INSTALLION OF BIINSTALLION OF BI
INSTALLION OF BIArjun deshwal
 
10 things
10 things10 things
10 things10n Software, LLC
 
12 Rocking Apache .htaccess Tutorial ...
12 Rocking Apache .htaccess Tutorial ...12 Rocking Apache .htaccess Tutorial ...
12 Rocking Apache .htaccess Tutorial ...wensheng wei
 
Oracle ODI & Oracle SOA installation
Oracle ODI & Oracle SOA installationOracle ODI & Oracle SOA installation
Oracle ODI & Oracle SOA installationOsama Mustafa
 

Recomendados

Config websocket on apache
Config websocket on apacheConfig websocket on apache
Config websocket on apachebaran19901990
 
Testando JavaScript com Spock
Testando JavaScript com SpockTestando JavaScript com Spock
Testando JavaScript com SpockIsmael
 
PagerDuty | OSCON 2016 Failure Testing
PagerDuty | OSCON 2016 Failure TestingPagerDuty | OSCON 2016 Failure Testing
PagerDuty | OSCON 2016 Failure TestingPagerDuty
 
High Performance Web Sites
High Performance Web SitesHigh Performance Web Sites
High Performance Web SitesRavi Raj
 
INSTALLION OF BI
INSTALLION OF BIINSTALLION OF BI
INSTALLION OF BIArjun deshwal
 
10 things
10 things10 things
10 things10n Software, LLC
 
12 Rocking Apache .htaccess Tutorial ...
12 Rocking Apache .htaccess Tutorial ...12 Rocking Apache .htaccess Tutorial ...
12 Rocking Apache .htaccess Tutorial ...wensheng wei
 
Oracle ODI & Oracle SOA installation
Oracle ODI & Oracle SOA installationOracle ODI & Oracle SOA installation
Oracle ODI & Oracle SOA installationOsama Mustafa
 
Elastic search
Elastic searchElastic search
Elastic searchRahul Agarwal
 
Razor, the Provisioning Toolbox - PuppetConf 2014
Razor, the Provisioning Toolbox - PuppetConf 2014Razor, the Provisioning Toolbox - PuppetConf 2014
Razor, the Provisioning Toolbox - PuppetConf 2014Puppet
 
Ajenti control panel
Ajenti control panel Ajenti control panel
Ajenti control panel chacheng_dbl
 
Puppet Camp Berlin 2015: Pedro Pessoa | Puppet at the center of everything - ...
Puppet Camp Berlin 2015: Pedro Pessoa | Puppet at the center of everything - ...Puppet Camp Berlin 2015: Pedro Pessoa | Puppet at the center of everything - ...
Puppet Camp Berlin 2015: Pedro Pessoa | Puppet at the center of everything - ...NETWAYS
 
Play Framework in EC2
Play Framework in EC2Play Framework in EC2
Play Framework in EC2kamarul kawnayeen
 
The MetaCPAN VM Part II (Using the VM)
The MetaCPAN VM Part II (Using the VM)The MetaCPAN VM Part II (Using the VM)
The MetaCPAN VM Part II (Using the VM)Olaf Alders
 
Mangling
Mangling Mangling
Mangling Olaf Alders
 
Tp link error codes
Tp link error codesTp link error codes
Tp link error codesPPCChamp - Digital Marketing & Consulting Company
 
Instalar un repositorio_centos
Instalar un repositorio_centosInstalar un repositorio_centos
Instalar un repositorio_centosJames Jara
 
Install edq on linux
Install edq on linuxInstall edq on linux
Install edq on linuxOsama Mustafa
 
New
NewNew
Newbassel1221
 
Aegir presentation
Aegir presentationAegir presentation
Aegir presentationMindtrades
 
Building a secure bastion, or, 50 ways to kill your server
Building a secure bastion, or, 50 ways to kill your serverBuilding a secure bastion, or, 50 ways to kill your server
Building a secure bastion, or, 50 ways to kill your serverAnna Kennedy
 
KOWAZA for mackerel
KOWAZA for mackerelKOWAZA for mackerel
KOWAZA for mackerelkarupanerura
 
State of wifi_2016
State of wifi_2016State of wifi_2016
State of wifi_2016antitree
 
Installing Complex Event Processing On Linux
Installing Complex Event Processing On LinuxInstalling Complex Event Processing On Linux
Installing Complex Event Processing On LinuxOsama Mustafa
 
Joomladay Switzerland - security
Joomladay Switzerland - securityJoomladay Switzerland - security
Joomladay Switzerland - securityWilco Jansen
 
Kyand IEC 61850 Modeling For Switch Management
Kyand IEC 61850 Modeling For Switch ManagementKyand IEC 61850 Modeling For Switch Management
Kyand IEC 61850 Modeling For Switch Managementericjen
 
Joomla! Day Deutschland 2012 - Active Security
Joomla! Day Deutschland 2012 - Active SecurityJoomla! Day Deutschland 2012 - Active Security
Joomla! Day Deutschland 2012 - Active SecurityNicholas Dionysopoulos
 
IP Advantages Intro
IP Advantages IntroIP Advantages Intro
IP Advantages Introhyingli
 
Joomla! Day Poland 2012 - Advanced Akeeba Backup - Beyond just backing up you...
Joomla! Day Poland 2012 - Advanced Akeeba Backup - Beyond just backing up you...Joomla! Day Poland 2012 - Advanced Akeeba Backup - Beyond just backing up you...
Joomla! Day Poland 2012 - Advanced Akeeba Backup - Beyond just backing up you...Nicholas Dionysopoulos
 
Absinthe
Absinthe Absinthe
Absinthe janysol
 

Mais conteúdo relacionado

Mais procurados

Razor, the Provisioning Toolbox - PuppetConf 2014
Razor, the Provisioning Toolbox - PuppetConf 2014Razor, the Provisioning Toolbox - PuppetConf 2014
Razor, the Provisioning Toolbox - PuppetConf 2014Puppet
 
Ajenti control panel
Ajenti control panel Ajenti control panel
Ajenti control panel chacheng_dbl
 
Puppet Camp Berlin 2015: Pedro Pessoa | Puppet at the center of everything - ...
Puppet Camp Berlin 2015: Pedro Pessoa | Puppet at the center of everything - ...Puppet Camp Berlin 2015: Pedro Pessoa | Puppet at the center of everything - ...
Puppet Camp Berlin 2015: Pedro Pessoa | Puppet at the center of everything - ...NETWAYS
 
The MetaCPAN VM Part II (Using the VM)
The MetaCPAN VM Part II (Using the VM)The MetaCPAN VM Part II (Using the VM)
The MetaCPAN VM Part II (Using the VM)Olaf Alders
 
Instalar un repositorio_centos
Instalar un repositorio_centosInstalar un repositorio_centos
Instalar un repositorio_centosJames Jara
 
Install edq on linux
Install edq on linuxInstall edq on linux
Install edq on linuxOsama Mustafa
 
Aegir presentation
Aegir presentationAegir presentation
Aegir presentationMindtrades
 
Building a secure bastion, or, 50 ways to kill your server
Building a secure bastion, or, 50 ways to kill your serverBuilding a secure bastion, or, 50 ways to kill your server
Building a secure bastion, or, 50 ways to kill your serverAnna Kennedy
 
State of wifi_2016
State of wifi_2016State of wifi_2016
State of wifi_2016antitree
 
Installing Complex Event Processing On Linux
Installing Complex Event Processing On LinuxInstalling Complex Event Processing On Linux
Installing Complex Event Processing On LinuxOsama Mustafa
 
Joomladay Switzerland - security
Joomladay Switzerland - securityJoomladay Switzerland - security
Joomladay Switzerland - securityWilco Jansen
 

Mais procurados (17)

Elastic search
Elastic searchElastic search
Elastic search
 
Razor, the Provisioning Toolbox - PuppetConf 2014
Razor, the Provisioning Toolbox - PuppetConf 2014Razor, the Provisioning Toolbox - PuppetConf 2014
Razor, the Provisioning Toolbox - PuppetConf 2014
 
Ajenti control panel
Ajenti control panel Ajenti control panel
Ajenti control panel
 
Puppet Camp Berlin 2015: Pedro Pessoa | Puppet at the center of everything - ...
Puppet Camp Berlin 2015: Pedro Pessoa | Puppet at the center of everything - ...Puppet Camp Berlin 2015: Pedro Pessoa | Puppet at the center of everything - ...
Puppet Camp Berlin 2015: Pedro Pessoa | Puppet at the center of everything - ...
 
Play Framework in EC2
Play Framework in EC2Play Framework in EC2
Play Framework in EC2
 
The MetaCPAN VM Part II (Using the VM)
The MetaCPAN VM Part II (Using the VM)The MetaCPAN VM Part II (Using the VM)
The MetaCPAN VM Part II (Using the VM)
 
Mangling
Mangling Mangling
Mangling
 
Tp link error codes
Tp link error codesTp link error codes
Tp link error codes
 
Instalar un repositorio_centos
Instalar un repositorio_centosInstalar un repositorio_centos
Instalar un repositorio_centos
 
Install edq on linux
Install edq on linuxInstall edq on linux
Install edq on linux
 
New
NewNew
New
 
Aegir presentation
Aegir presentationAegir presentation
Aegir presentation
 
Building a secure bastion, or, 50 ways to kill your server
Building a secure bastion, or, 50 ways to kill your serverBuilding a secure bastion, or, 50 ways to kill your server
Building a secure bastion, or, 50 ways to kill your server
 
KOWAZA for mackerel
KOWAZA for mackerelKOWAZA for mackerel
KOWAZA for mackerel
 
State of wifi_2016
State of wifi_2016State of wifi_2016
State of wifi_2016
 
Installing Complex Event Processing On Linux
Installing Complex Event Processing On LinuxInstalling Complex Event Processing On Linux
Installing Complex Event Processing On Linux
 
Joomladay Switzerland - security
Joomladay Switzerland - securityJoomladay Switzerland - security
Joomladay Switzerland - security
 

Destaque

Kyand IEC 61850 Modeling For Switch Management
Kyand IEC 61850 Modeling For Switch ManagementKyand IEC 61850 Modeling For Switch Management
Kyand IEC 61850 Modeling For Switch Managementericjen
 
Joomla! Day Deutschland 2012 - Active Security
Joomla! Day Deutschland 2012 - Active SecurityJoomla! Day Deutschland 2012 - Active Security
Joomla! Day Deutschland 2012 - Active SecurityNicholas Dionysopoulos
 
IP Advantages Intro
IP Advantages IntroIP Advantages Intro
IP Advantages Introhyingli
 
Joomla! Day Poland 2012 - Advanced Akeeba Backup - Beyond just backing up you...
Joomla! Day Poland 2012 - Advanced Akeeba Backup - Beyond just backing up you...Joomla! Day Poland 2012 - Advanced Akeeba Backup - Beyond just backing up you...
Joomla! Day Poland 2012 - Advanced Akeeba Backup - Beyond just backing up you...Nicholas Dionysopoulos
 
Absinthe
Absinthe Absinthe
Absinthe janysol
 
Technology Action Plan
Technology Action PlanTechnology Action Plan
Technology Action Plana2vawter
 
The Spiritual Master
The Spiritual MasterThe Spiritual Master
The Spiritual MasterOm D
 
Advanced Akeeba Backup (Joomla! Day Denmark 2012)
Advanced Akeeba Backup (Joomla! Day Denmark 2012)Advanced Akeeba Backup (Joomla! Day Denmark 2012)
Advanced Akeeba Backup (Joomla! Day Denmark 2012)Nicholas Dionysopoulos
 
FOF Rapid Application Development on Joomla! - Joomla! Day Denmark 2012
FOF Rapid Application Development on Joomla! - Joomla! Day Denmark 2012FOF Rapid Application Development on Joomla! - Joomla! Day Denmark 2012
FOF Rapid Application Development on Joomla! - Joomla! Day Denmark 2012Nicholas Dionysopoulos
 
Joomla! Frappe - Κατασκευή εφαρμογών για το Joomla! χωρίς να τραβάτε τα μαλιά...
Joomla! Frappe - Κατασκευή εφαρμογών για το Joomla! χωρίς να τραβάτε τα μαλιά...Joomla! Frappe - Κατασκευή εφαρμογών για το Joomla! χωρίς να τραβάτε τα μαλιά...
Joomla! Frappe - Κατασκευή εφαρμογών για το Joomla! χωρίς να τραβάτε τα μαλιά...Nicholas Dionysopoulos
 
Rapid application development with FOF
Rapid application development with FOFRapid application development with FOF
Rapid application development with FOFNicholas Dionysopoulos
 
JWC - Rapid application development with FOF
JWC - Rapid application development with FOFJWC - Rapid application development with FOF
JWC - Rapid application development with FOFNicholas Dionysopoulos
 
Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013
Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013
Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013Nicholas Dionysopoulos
 
Hidden in plain site – joomla! hidden secrets for code monkeys
Hidden in plain site – joomla! hidden secrets for code monkeysHidden in plain site – joomla! hidden secrets for code monkeys
Hidden in plain site – joomla! hidden secrets for code monkeysNicholas Dionysopoulos
 
IP Advantages LLC
IP Advantages LLCIP Advantages LLC
IP Advantages LLChyingli
 

Destaque (17)

Kyand IEC 61850 Modeling For Switch Management
Kyand IEC 61850 Modeling For Switch ManagementKyand IEC 61850 Modeling For Switch Management
Kyand IEC 61850 Modeling For Switch Management
 
Joomla! Day Deutschland 2012 - Active Security
Joomla! Day Deutschland 2012 - Active SecurityJoomla! Day Deutschland 2012 - Active Security
Joomla! Day Deutschland 2012 - Active Security
 
IP Advantages Intro
IP Advantages IntroIP Advantages Intro
IP Advantages Intro
 
Joomla! Day Poland 2012 - Advanced Akeeba Backup - Beyond just backing up you...
Joomla! Day Poland 2012 - Advanced Akeeba Backup - Beyond just backing up you...Joomla! Day Poland 2012 - Advanced Akeeba Backup - Beyond just backing up you...
Joomla! Day Poland 2012 - Advanced Akeeba Backup - Beyond just backing up you...
 
Absinthe
Absinthe Absinthe
Absinthe
 
Technology Action Plan
Technology Action PlanTechnology Action Plan
Technology Action Plan
 
The Spiritual Master
The Spiritual MasterThe Spiritual Master
The Spiritual Master
 
Advanced Akeeba Backup (Joomla! Day Denmark 2012)
Advanced Akeeba Backup (Joomla! Day Denmark 2012)Advanced Akeeba Backup (Joomla! Day Denmark 2012)
Advanced Akeeba Backup (Joomla! Day Denmark 2012)
 
FOF Rapid Application Development on Joomla! - Joomla! Day Denmark 2012
FOF Rapid Application Development on Joomla! - Joomla! Day Denmark 2012FOF Rapid Application Development on Joomla! - Joomla! Day Denmark 2012
FOF Rapid Application Development on Joomla! - Joomla! Day Denmark 2012
 
Joomla! Frappe - Κατασκευή εφαρμογών για το Joomla! χωρίς να τραβάτε τα μαλιά...
Joomla! Frappe - Κατασκευή εφαρμογών για το Joomla! χωρίς να τραβάτε τα μαλιά...Joomla! Frappe - Κατασκευή εφαρμογών για το Joomla! χωρίς να τραβάτε τα μαλιά...
Joomla! Frappe - Κατασκευή εφαρμογών για το Joomla! χωρίς να τραβάτε τα μαλιά...
 
Rapid application development with FOF
Rapid application development with FOFRapid application development with FOF
Rapid application development with FOF
 
JWC - Rapid application development with FOF
JWC - Rapid application development with FOFJWC - Rapid application development with FOF
JWC - Rapid application development with FOF
 
Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013
Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013
Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013
 
Hidden in plain site – joomla! hidden secrets for code monkeys
Hidden in plain site – joomla! hidden secrets for code monkeysHidden in plain site – joomla! hidden secrets for code monkeys
Hidden in plain site – joomla! hidden secrets for code monkeys
 
IP Advantages LLC
IP Advantages LLCIP Advantages LLC
IP Advantages LLC
 
Promotion
PromotionPromotion
Promotion
 
Boc2010
Boc2010Boc2010
Boc2010
 

Semelhante a Joomla! Day Poland 2012 - Active Security for Joomla! sites

Badge Poser v3.0 - A DevOps Journey
Badge Poser v3.0 - A DevOps JourneyBadge Poser v3.0 - A DevOps Journey
Badge Poser v3.0 - A DevOps JourneyFabio Cicerchia
 
Joomla! Performance on Steroids
Joomla! Performance on SteroidsJoomla! Performance on Steroids
Joomla! Performance on SteroidsSiteGround.com
 
Caching and tuning fun for high scalability
Caching and tuning fun for high scalabilityCaching and tuning fun for high scalability
Caching and tuning fun for high scalabilityWim Godden
 
Caching and tuning fun for high scalability @ FOSDEM 2012
Caching and tuning fun for high scalability @ FOSDEM 2012Caching and tuning fun for high scalability @ FOSDEM 2012
Caching and tuning fun for high scalability @ FOSDEM 2012Wim Godden
 
Pipe your script to slack
Pipe your script to slackPipe your script to slack
Pipe your script to slackChikashi Kato
 
Caching and tuning fun for high scalability @ FrOSCon 2011
Caching and tuning fun for high scalability @ FrOSCon 2011Caching and tuning fun for high scalability @ FrOSCon 2011
Caching and tuning fun for high scalability @ FrOSCon 2011Wim Godden
 
Caching and tuning fun for high scalability
Caching and tuning fun for high scalabilityCaching and tuning fun for high scalability
Caching and tuning fun for high scalabilityWim Godden
 
Malware Analysis For The Enterprise
Malware Analysis For The EnterpriseMalware Analysis For The Enterprise
Malware Analysis For The EnterpriseJason Ross
 
Making Joomla Insecure - Explaining security by breaking it
Making Joomla Insecure - Explaining security by breaking itMaking Joomla Insecure - Explaining security by breaking it
Making Joomla Insecure - Explaining security by breaking itTim Plummer
 
WE18_Performance_Up.ppt
WE18_Performance_Up.pptWE18_Performance_Up.ppt
WE18_Performance_Up.pptwebhostingguy
 
Advanced caching techniques with ehcache, big memory, terracotta, and coldfusion
Advanced caching techniques with ehcache, big memory, terracotta, and coldfusionAdvanced caching techniques with ehcache, big memory, terracotta, and coldfusion
Advanced caching techniques with ehcache, big memory, terracotta, and coldfusionColdFusionConference
 
Csdn Drdobbs Tenni Theurer Yahoo
Csdn Drdobbs Tenni Theurer YahooCsdn Drdobbs Tenni Theurer Yahoo
Csdn Drdobbs Tenni Theurer Yahooguestb1b95b
 
Salt conf 2014 - Using SaltStack in high availability environments
Salt conf 2014 - Using SaltStack in high availability environmentsSalt conf 2014 - Using SaltStack in high availability environments
Salt conf 2014 - Using SaltStack in high availability environmentsBenjamin Cane
 
Magento performances 2015 best practices
Magento performances 2015 best practicesMagento performances 2015 best practices
Magento performances 2015 best practicesNBS System
 
Defcon - Veil-Pillage
Defcon - Veil-PillageDefcon - Veil-Pillage
Defcon - Veil-PillageVeilFramework
 
CIRCUIT 2015 - Monitoring AEM
CIRCUIT 2015 - Monitoring AEMCIRCUIT 2015 - Monitoring AEM
CIRCUIT 2015 - Monitoring AEMICF CIRCUIT
 
Lonestar php scalingmagento
Lonestar php scalingmagentoLonestar php scalingmagento
Lonestar php scalingmagentoMathew Beane
 
No locked doors, no windows barred: hacking OpenAM infrastructure
No locked doors, no windows barred: hacking OpenAM infrastructureNo locked doors, no windows barred: hacking OpenAM infrastructure
No locked doors, no windows barred: hacking OpenAM infrastructureAndrew Petukhov
 
OWASP Thailand 2016 - Joomla Security
OWASP Thailand 2016 - Joomla Security OWASP Thailand 2016 - Joomla Security
OWASP Thailand 2016 - Joomla Security Akarawuth Tamrareang
 

Semelhante a Joomla! Day Poland 2012 - Active Security for Joomla! sites (20)

Badge Poser v3.0 - A DevOps Journey
Badge Poser v3.0 - A DevOps JourneyBadge Poser v3.0 - A DevOps Journey
Badge Poser v3.0 - A DevOps Journey
 
Joomla! Performance on Steroids
Joomla! Performance on SteroidsJoomla! Performance on Steroids
Joomla! Performance on Steroids
 
Caching and tuning fun for high scalability
Caching and tuning fun for high scalabilityCaching and tuning fun for high scalability
Caching and tuning fun for high scalability
 
Caching and tuning fun for high scalability @ FOSDEM 2012
Caching and tuning fun for high scalability @ FOSDEM 2012Caching and tuning fun for high scalability @ FOSDEM 2012
Caching and tuning fun for high scalability @ FOSDEM 2012
 
Pipe your script to slack
Pipe your script to slackPipe your script to slack
Pipe your script to slack
 
Caching and tuning fun for high scalability @ FrOSCon 2011
Caching and tuning fun for high scalability @ FrOSCon 2011Caching and tuning fun for high scalability @ FrOSCon 2011
Caching and tuning fun for high scalability @ FrOSCon 2011
 
Caching and tuning fun for high scalability
Caching and tuning fun for high scalabilityCaching and tuning fun for high scalability
Caching and tuning fun for high scalability
 
Malware Analysis For The Enterprise
Malware Analysis For The EnterpriseMalware Analysis For The Enterprise
Malware Analysis For The Enterprise
 
Making Joomla Insecure - Explaining security by breaking it
Making Joomla Insecure - Explaining security by breaking itMaking Joomla Insecure - Explaining security by breaking it
Making Joomla Insecure - Explaining security by breaking it
 
WE18_Performance_Up.ppt
WE18_Performance_Up.pptWE18_Performance_Up.ppt
WE18_Performance_Up.ppt
 
Advanced caching techniques with ehcache, big memory, terracotta, and coldfusion
Advanced caching techniques with ehcache, big memory, terracotta, and coldfusionAdvanced caching techniques with ehcache, big memory, terracotta, and coldfusion
Advanced caching techniques with ehcache, big memory, terracotta, and coldfusion
 
Csdn Drdobbs Tenni Theurer Yahoo
Csdn Drdobbs Tenni Theurer YahooCsdn Drdobbs Tenni Theurer Yahoo
Csdn Drdobbs Tenni Theurer Yahoo
 
SQL Server On SANs
SQL Server On SANsSQL Server On SANs
SQL Server On SANs
 
Salt conf 2014 - Using SaltStack in high availability environments
Salt conf 2014 - Using SaltStack in high availability environmentsSalt conf 2014 - Using SaltStack in high availability environments
Salt conf 2014 - Using SaltStack in high availability environments
 
Magento performances 2015 best practices
Magento performances 2015 best practicesMagento performances 2015 best practices
Magento performances 2015 best practices
 
Defcon - Veil-Pillage
Defcon - Veil-PillageDefcon - Veil-Pillage
Defcon - Veil-Pillage
 
CIRCUIT 2015 - Monitoring AEM
CIRCUIT 2015 - Monitoring AEMCIRCUIT 2015 - Monitoring AEM
CIRCUIT 2015 - Monitoring AEM
 
Lonestar php scalingmagento
Lonestar php scalingmagentoLonestar php scalingmagento
Lonestar php scalingmagento
 
No locked doors, no windows barred: hacking OpenAM infrastructure
No locked doors, no windows barred: hacking OpenAM infrastructureNo locked doors, no windows barred: hacking OpenAM infrastructure
No locked doors, no windows barred: hacking OpenAM infrastructure
 
OWASP Thailand 2016 - Joomla Security
OWASP Thailand 2016 - Joomla Security OWASP Thailand 2016 - Joomla Security
OWASP Thailand 2016 - Joomla Security
 

Último

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 

Último (20)

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 

Joomla! Day Poland 2012 - Active Security for Joomla! sites

Notas do Editor

  1. Scratches the surface\nImperative everyone follows this advice\n\nNext: Me\n
  2. \n
  3. \n
  4. Make it harder, not impossible\n
  5. \n
  6. \n
  7. \n
  8. \n
  9. \n
  10. \n
  11. \n
  12. \n
  13. \n
  14. \n
  15. \n
  16. \n
  17. \n
  18. \n
  19. Whitepixel + cheap hardware\nCosts $2,800\nBreaks 33.1 billion passwords / second\nNext: sample pw\n
  20. All about entropy.\nWords stronger than random garbage\nThere’s a catch. All words = 1 day. Add numbers/padding to increase entropy.\nNext: 777\n
  21. \n
  22. \n
  23. \n
  24. \n
  25. \n
  26. \n
  27. \n
  28. \n
  29. \n
  30. \n
  31. \n
  32. Ask your questions!\n\nNext: QR-Code\n
  33. \n
  34. Ask your questions!\n\nNext: QR-Code\n
  35. Thank you for listening\n\nTHE END\n