Sincerely,
Paul Bain
-------- Original Message --------
Subject: Re: [NoVA JUG] Our meeting Thursday -- Agenda for -- Security??
Date: Sat, 24 Dec 2011 11:10:15 -0500
From: Paul D. Bain <paul...@pobox.com>
Reply-To: paul...@pobox.com
To: novaj...@googlegroups.com
CC: Chad Windnagle <drmm...@gmail.com>
On 1/14/2012 10:46 PM, Chad Windnagle wrote:
> If you guys are interested in having a credible source on security I
> highly recommend you look to Jeff Channell.
>
> Jeff recently did a presentation at Joomla Day Midwest and actually works
> for the Joomla development company Anything Digital.
>
> His slides from his presentation are here:
> http://joomladaymidwest.org/news/slides-and-video/2011/slides-jeff-channell-secure-php-coding-practices.html
>
> He might even be interested in doing something over Skype with you guys.
> Let me know if you're interested and I'll ask for you.
Chad,
OK. I have reviewed J. Channell's slides, which appear to be relevant
and informative. If others want to consider approaching Jeff Channell,
then I would not object, but I fear that contacting him now, just four
days before our meeting, would be very short notice for him.
Even if we could not get a speaker or an expert who could
authoritatively lead a discussion of J. security, we could devote part
of our meeting to security nevertheless. For example, we could discuss
tools that we have used (or read about) that help a J. administrator to
detect and patch security vulnerabilities in J. extensions. I mentioned
one such tool recently: OWASP's scanner for J.
Sincerely,
Paul Bain
> Jeff's site: http://jeffchannell.com/
>
> Good luck, happy coding!
>
> -Chad
>
> Regards,
> Chad Windnagle
>
>
>
> On Sat, Jan 14, 2012 at 9:18 PM, Brian P Sullivan
> <su...@terracemediagroup.com> wrote:
>
> The topic is a good one. That book is actually quite good and useful for
> introducing some security concepts like SQL injections. I have a copy but I
> think I've had it for like, three years and I'm not sure when I last cracked
> the cover. It wouldn't have current solutions but it would make for a good
> point of departure for a discussion.
>
> Also, I was disappointed to see such negativity on the Joomla! site but
> unsurprised at whose poison pen wrote the review. Any book that draws
> attention to using Joomla! project software well is a good book in my
> opinion, but then, I disagree with the author of that article on almost
> everything.
>
> Best,
> Sully
>
>
> -----Original Message-----
> From: novaj...@googlegroups.com [mailto:novaj...@googlegroups.com] On Behalf Of Paul D. Bain
> Sent: Sunday, January 15, 2012 8:31 PM
> To: novaj...@googlegroups.com; Dorothy Firsching
> Subject: Re: [NoVA JUG] Our meeting Thursday -- Agenda for -- J. security -- T. Canavan's book on?
>
> On 12/23/2011 8:02 PM, Paul D. Bain wrote:
> > According to the MeetUp page for our Thursday meeting, Dorothy
> > Firsching is interested in discussing a book on J. security. Is the
> > said book the one by Thomas Canavan? To wit:
> >
> > http://www.amazon.com/Joomla-Web-Security-Tom-Canavan/dp/1847194885
> >
> > Do the members of NoVA JUG want to discuss this book? If so, then I
> > suggest that interested members read the following thread of discussion
> > (ToD) _first_, before the meeting on Thursday night at 7 PM:
> >
> > https://groups.google.com/forum/#!topic/joomla-dev-general/a4qsxRqJ-vw/overview
>
> Here is another disparaging comment on this book:
>
>
> http://community.joomla.org/featured-articles/711-new-joomla-security-book-offers-little-for-much.html
>
> Significantly, this comment appeared on the _official_ Joomla site itself,
> and was a _FEATURED_ article there. Very, very important.
>
> Sincerely,
> Paul Bain
>
> >
> > If the remarks made in that ToD are correct, then I suggest that we
> > _NOT_ discuss Canavan's book. I remain interested in J. security,
> > however, and propose that we discuss it -- just not Canavan's book.
> >
> > Sincerely,
> > Paul Bain