April 2011
Intermediate to advanced
432 pages
11h 1m
English
book
CMS Security Handbook: The Comprehensive Guide for WordPress®, Joomla!®, Drupal™, and Plone®
by Tom Canavan
Content preview from CMS Security Handbook: The Comprehensive Guide for WordPress®, Joomla!®, Drupal™, and Plone®
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Understanding the Need for the Patching Process
You may be thinking that you don't necessarily need to patch, or that you don't really have the time to go through the process. That is definitely the mindset of many site owners today. However, if you ignore patching, you are doing so at your own peril. That is not a lighthearted statement; it's backed up by research.
For example, in 2003, a worm was released on the Internet that swept literally around the world in a few short hours. Its target was Microsoft SQL servers. It attacked any SQL Server instance that did not have a specific patch. The issue was that the patch had been available for several months. Applying it would have neutralized the attack. The cost was incalculable, and the downtime was embarrassing. Companies (both large and small) were hit by this attack, crippling infrastructures, and stopping worldwide commerce. Numerous studies have been conducted using publicly available information that shows the act of patching would have stopped the bulk of attacks. One study published in 2000 written by Hilary K. Browne and William A. Arbaugh of the University of Maryland, and John McHugh and William L. Fithen of the Software Engineering Institute, was entitled, “A Trend Analysis of Exploitations.” In that study, the authors proposed a theory that states after a patch is released, users who do not apply it are exposed to an excessive window of opportunity for attacks. Specifically, they noted the following:
“The data we ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.