Chapter 5. Anatomy of Attacks
Mark Twain once said, "There are only two certainties in life— death and taxes." Even in web security there are two certainties: It's not "if you are attacked", but "when and how" your site will be taken advantage of.
There are many types of attacks that can happen to a website, and several volumes consisting of thousands of pages have been written about them. In this short chapter, we will focus on two types of attacks that can occur to your Joomla! website. The attacks are SQL Injections and Remote File Includes. The former, though very nasty, can be prevented in many cases; but the latter is a more difficult one to stop altogether. So, it is important that you are aware of them and know their signs.
In this chapter, we will take a very recently discovered vulnerability in a popular extension (at the time of writing), and demonstrate an SQL attack and its results. This chapter is not meant to be a comprehensive review of either of the attacks. It presents ONLY...