Why you should care about security
Although occasionally security vulnerabilities are identified and fixed in the Joomla! core, a majority of vulnerabilities are due to third-party extensions. Part of the reason for this is that there isn't any good security training for Joomla! developers. Many people in the Joomla! community are of the opinion that details of vulnerabilities should be kept secret to prevent more people from exploiting them, so this knowledge isn't shared. This leads to many Joomla! developers learning the hard way about these vulnerabilities, which shouldn't be happening. I'm of the opinion that third-party developers should be more aware of the potential risks so they can take steps to protect against them.
All of the security exploits in this chapter are not specific to Joomla!; any of the popular open source CMS systems could potentially have similar issues. There is a lot of information online already about all these types of vulnerabilities, but not many are in a Joomla...
