Tag Archives: joomla sql injection

Guidelines for Pen-testing a Joomla Based Site


Need for this article

This document, “Guidelines for Pen-Testing a Joomla Based Site”, has been developed to make general readers aware of security-related information about Joomla. It explains the testing methodology that must be used to audit Joomla-based sites. This guide will help you learn the basic security misconfigurations, vulnerabilities, etc. within Joomla, which will in turn help you do better security testing on those sites. It will also help you recommend security countermeasures to your client for bulletproofing their Joomla-based sites.

Introduction to Joomla

Many CMS platforms are available for web development, such as WordPress, Drupal and Joomla. Joomla still has its own user base, who find it handy to work with because it is quite small, easy, etc.
Working with Joomla means developing your site in a way that it can be easily installed, handled and managed: install it, select a cool theme, set the layout, modify the CSS, use some extensions, and the site is ready. However, there is another point which must be kept in mind.
Security is a state in which we ensure a proper gap between the threats and assets of an organization. We either move assets far away from threats or apply good security controls between the two.
When we talk about security in Joomla, we have to focus on both the Joomla framework and its extensions. Joomla itself is quite stable and less prone to attacks, i.e. you will have a hard time finding a serious attack vector. Most of the time, only some XSS, SQL injection, LFI, etc. issues will be identified in the core, and these are already fixed and patched.
