SlideShare a Scribd company logo

Kentico CMS 7 - Security improvements

Download as PPTX, PDF
Thomas Robbins
Thomas Robbins

Kentico takes security seriously and security improvements are an important part of any new release. Password expiration and policy enforcement, are just a few of the new security improvements in Kentico CMS 7. in this interactive and demo filled session we looked at the new security improvements in Kentico CMS 7.

Technology
1 of 8
Kentico CMS 7: Security improvements Dominik Pinter, dominikp@kentico.com
Agenda • New features • New system protections • Improvements of existing features • Tips, hints, best practices
Have you met Sean? • Sean, agent 00111 • Security expert at XYZ company
Users accounts are in danger! Task #1: Sean, make user accounts as secure as possible - Passwords: password format, password policy, password expiration, forgotten passwords retrieval, password hash salt - Disabling autocomplete - Invalid logon attempts - Delete all testing users before production! - Emergency reset of Administrator password - CMSAdminEmergencyReset web.config key
What about user sessions? Task #2: Sean, mitigate a risk that someone can steal user session. - Session attacks protection - Clickjacking protection - Screen lock
Modules, modules, modules … Task #3: Sean, don‘t forget about the modules! - E-mail confirmation for subscription – Newsletters, Forums, Blogs, message boards - ASCX layouts protection - Reporting module protection - Web parts: Where, OrderBy
Q&A
Thank you http://www.kentico.com http://devnet.kentico.com dominikp@kentico.com

Recommended

Aboutme 12983064135624 Phpapp01
Aboutme 12983064135624 Phpapp01Aboutme 12983064135624 Phpapp01
Aboutme 12983064135624 Phpapp01Irena90
 
About Me
About MeAbout Me
About MeIrena90
 
PlayFab Advanced Cloud Script
PlayFab Advanced Cloud ScriptPlayFab Advanced Cloud Script
PlayFab Advanced Cloud ScriptThomas Robbins
 
CMS and security / privacy
CMS and security / privacyCMS and security / privacy
CMS and security / privacyImpessCMS
 
Security CMS - Opensoure2Day event
Security CMS - Opensoure2Day eventSecurity CMS - Opensoure2Day event
Security CMS - Opensoure2Day eventAkarawuth Tamrareang
 
CMS Website Security Threat Protection Oriented Analyzer System
CMS Website Security Threat Protection Oriented Analyzer SystemCMS Website Security Threat Protection Oriented Analyzer System
CMS Website Security Threat Protection Oriented Analyzer SystemEditor IJCATR
 
Magazine Het Ondernemersbelang de Noordelijke Maasvallei 0312
Magazine Het Ondernemersbelang de Noordelijke Maasvallei 0312Magazine Het Ondernemersbelang de Noordelijke Maasvallei 0312
Magazine Het Ondernemersbelang de Noordelijke Maasvallei 0312HetOndernemersBelang
 
Joomla!Day Switzerland 2013 - Ruth Cheesley - SEO for Mythbusters
Joomla!Day Switzerland 2013 - Ruth Cheesley - SEO for MythbustersJoomla!Day Switzerland 2013 - Ruth Cheesley - SEO for Mythbusters
Joomla!Day Switzerland 2013 - Ruth Cheesley - SEO for MythbustersRuth Cheesley
 

Recommended

Aboutme 12983064135624 Phpapp01
Aboutme 12983064135624 Phpapp01Aboutme 12983064135624 Phpapp01
Aboutme 12983064135624 Phpapp01Irena90
 
About Me
About MeAbout Me
About MeIrena90
 
PlayFab Advanced Cloud Script
PlayFab Advanced Cloud ScriptPlayFab Advanced Cloud Script
PlayFab Advanced Cloud ScriptThomas Robbins
 
CMS and security / privacy
CMS and security / privacyCMS and security / privacy
CMS and security / privacyImpessCMS
 
Security CMS - Opensoure2Day event
Security CMS - Opensoure2Day eventSecurity CMS - Opensoure2Day event
Security CMS - Opensoure2Day eventAkarawuth Tamrareang
 
CMS Website Security Threat Protection Oriented Analyzer System
CMS Website Security Threat Protection Oriented Analyzer SystemCMS Website Security Threat Protection Oriented Analyzer System
CMS Website Security Threat Protection Oriented Analyzer SystemEditor IJCATR
 
Magazine Het Ondernemersbelang de Noordelijke Maasvallei 0312
Magazine Het Ondernemersbelang de Noordelijke Maasvallei 0312Magazine Het Ondernemersbelang de Noordelijke Maasvallei 0312
Magazine Het Ondernemersbelang de Noordelijke Maasvallei 0312HetOndernemersBelang
 
Joomla!Day Switzerland 2013 - Ruth Cheesley - SEO for Mythbusters
Joomla!Day Switzerland 2013 - Ruth Cheesley - SEO for MythbustersJoomla!Day Switzerland 2013 - Ruth Cheesley - SEO for Mythbusters
Joomla!Day Switzerland 2013 - Ruth Cheesley - SEO for MythbustersRuth Cheesley
 
CMS Security - Ruth Cheesley - CMS Africa 2014
CMS Security - Ruth Cheesley - CMS Africa 2014CMS Security - Ruth Cheesley - CMS Africa 2014
CMS Security - Ruth Cheesley - CMS Africa 2014Ruth Cheesley
 
Wordpress and Your Brand
Wordpress and Your BrandWordpress and Your Brand
Wordpress and Your BrandSara Cannon
 
Introduction to Drupal (7) Theming
Introduction to Drupal (7) ThemingIntroduction to Drupal (7) Theming
Introduction to Drupal (7) ThemingRobert Carr
 
Building and Maintaining Open Source Project - YWC14
Building and Maintaining Open Source Project - YWC14Building and Maintaining Open Source Project - YWC14
Building and Maintaining Open Source Project - YWC14Akarawuth Tamrareang
 
Content Management Systems
Content Management SystemsContent Management Systems
Content Management Systemssahig123
 
Killing Churn with Totango and Salesforce
Killing Churn with Totango and SalesforceKilling Churn with Totango and Salesforce
Killing Churn with Totango and SalesforceTotango
 
Content Management Systems
Content Management SystemsContent Management Systems
Content Management SystemsKowshar Ahmed
 
Content Management System
Content Management SystemContent Management System
Content Management SystemDeepak Devadasan
 
CMS (CONTENT MANAGEMENT SYSTEM)
CMS (CONTENT MANAGEMENT SYSTEM)CMS (CONTENT MANAGEMENT SYSTEM)
CMS (CONTENT MANAGEMENT SYSTEM)Aaina Katyal
 
What is a Content Management System or CMS
What is a Content Management System or CMSWhat is a Content Management System or CMS
What is a Content Management System or CMSSteve Williams
 
Content Management System
Content Management SystemContent Management System
Content Management SystemAnand Subramaniam
 
Content Management System
Content Management SystemContent Management System
Content Management SystemOmnePresent
 
Got SIEM? Now what? Getting SIEM Work For You
Got SIEM? Now what? Getting SIEM Work For YouGot SIEM? Now what? Getting SIEM Work For You
Got SIEM? Now what? Getting SIEM Work For YouAnton Chuvakin
 
Hacking Virtual Appliances
Hacking Virtual AppliancesHacking Virtual Appliances
Hacking Virtual AppliancesJeremy Brown
 
Troubleshooting The Modern Managed Client - Workplace Nijna Summit 2020
Troubleshooting The Modern Managed Client - Workplace Nijna Summit 2020 Troubleshooting The Modern Managed Client - Workplace Nijna Summit 2020
Troubleshooting The Modern Managed Client - Workplace Nijna Summit 2020 Ronni Pedersen
 
Amarjeet_Updated_Resume
Amarjeet_Updated_ResumeAmarjeet_Updated_Resume
Amarjeet_Updated_ResumeAmarjeet Kumar
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Systems, Inc.
 
IBM Connect 2014 SPOT114: No Compromise on Compliance: Streamline Administrat...
IBM Connect 2014 SPOT114: No Compromise on Compliance: Streamline Administrat...IBM Connect 2014 SPOT114: No Compromise on Compliance: Streamline Administrat...
IBM Connect 2014 SPOT114: No Compromise on Compliance: Streamline Administrat...BCC - Solutions for IBM Collaboration Software
 
CyberArk Online Training By Expert Trainer - itjobzone
CyberArk Online Training By Expert Trainer - itjobzoneCyberArk Online Training By Expert Trainer - itjobzone
CyberArk Online Training By Expert Trainer - itjobzoneITJobZone.biz
 
06 application security fundamentals - part 2 - security mechanisms - sessi...
06 application security fundamentals - part 2 - security mechanisms - sessi...06 application security fundamentals - part 2 - security mechanisms - sessi...
06 application security fundamentals - part 2 - security mechanisms - sessi...appsec
 
Breaking Fraud & Bot Detection Solutions
Breaking Fraud & Bot Detection SolutionsBreaking Fraud & Bot Detection Solutions
Breaking Fraud & Bot Detection SolutionsMayank Dhiman
 
Client server chat
Client server chatClient server chat
Client server chatFreelancer
 

More Related Content

Viewers also liked

CMS Security - Ruth Cheesley - CMS Africa 2014
CMS Security - Ruth Cheesley - CMS Africa 2014CMS Security - Ruth Cheesley - CMS Africa 2014
CMS Security - Ruth Cheesley - CMS Africa 2014Ruth Cheesley
 
Wordpress and Your Brand
Wordpress and Your BrandWordpress and Your Brand
Wordpress and Your BrandSara Cannon
 
Introduction to Drupal (7) Theming
Introduction to Drupal (7) ThemingIntroduction to Drupal (7) Theming
Introduction to Drupal (7) ThemingRobert Carr
 
Building and Maintaining Open Source Project - YWC14
Building and Maintaining Open Source Project - YWC14Building and Maintaining Open Source Project - YWC14
Building and Maintaining Open Source Project - YWC14Akarawuth Tamrareang
 
Content Management Systems
Content Management SystemsContent Management Systems
Content Management Systemssahig123
 
Killing Churn with Totango and Salesforce
Killing Churn with Totango and SalesforceKilling Churn with Totango and Salesforce
Killing Churn with Totango and SalesforceTotango
 
Content Management Systems
Content Management SystemsContent Management Systems
Content Management SystemsKowshar Ahmed
 
CMS (CONTENT MANAGEMENT SYSTEM)
CMS (CONTENT MANAGEMENT SYSTEM)CMS (CONTENT MANAGEMENT SYSTEM)
CMS (CONTENT MANAGEMENT SYSTEM)Aaina Katyal
 
What is a Content Management System or CMS
What is a Content Management System or CMSWhat is a Content Management System or CMS
What is a Content Management System or CMSSteve Williams
 
Content Management System
Content Management SystemContent Management System
Content Management SystemOmnePresent
 

Viewers also liked (12)

CMS Security - Ruth Cheesley - CMS Africa 2014
CMS Security - Ruth Cheesley - CMS Africa 2014CMS Security - Ruth Cheesley - CMS Africa 2014
CMS Security - Ruth Cheesley - CMS Africa 2014
 
Wordpress and Your Brand
Wordpress and Your BrandWordpress and Your Brand
Wordpress and Your Brand
 
Introduction to Drupal (7) Theming
Introduction to Drupal (7) ThemingIntroduction to Drupal (7) Theming
Introduction to Drupal (7) Theming
 
Building and Maintaining Open Source Project - YWC14
Building and Maintaining Open Source Project - YWC14Building and Maintaining Open Source Project - YWC14
Building and Maintaining Open Source Project - YWC14
 
Content Management Systems
Content Management SystemsContent Management Systems
Content Management Systems
 
Killing Churn with Totango and Salesforce
Killing Churn with Totango and SalesforceKilling Churn with Totango and Salesforce
Killing Churn with Totango and Salesforce
 
Content Management Systems
Content Management SystemsContent Management Systems
Content Management Systems
 
Content Management System
Content Management SystemContent Management System
Content Management System
 
CMS (CONTENT MANAGEMENT SYSTEM)
CMS (CONTENT MANAGEMENT SYSTEM)CMS (CONTENT MANAGEMENT SYSTEM)
CMS (CONTENT MANAGEMENT SYSTEM)
 
What is a Content Management System or CMS
What is a Content Management System or CMSWhat is a Content Management System or CMS
What is a Content Management System or CMS
 
Content Management System
Content Management SystemContent Management System
Content Management System
 
Content Management System
Content Management SystemContent Management System
Content Management System
 

Similar to Kentico CMS 7 - Security improvements

Got SIEM? Now what? Getting SIEM Work For You
Got SIEM? Now what? Getting SIEM Work For YouGot SIEM? Now what? Getting SIEM Work For You
Got SIEM? Now what? Getting SIEM Work For YouAnton Chuvakin
 
Hacking Virtual Appliances
Hacking Virtual AppliancesHacking Virtual Appliances
Hacking Virtual AppliancesJeremy Brown
 
Troubleshooting The Modern Managed Client - Workplace Nijna Summit 2020
Troubleshooting The Modern Managed Client - Workplace Nijna Summit 2020 Troubleshooting The Modern Managed Client - Workplace Nijna Summit 2020
Troubleshooting The Modern Managed Client - Workplace Nijna Summit 2020 Ronni Pedersen
 
Amarjeet_Updated_Resume
Amarjeet_Updated_ResumeAmarjeet_Updated_Resume
Amarjeet_Updated_ResumeAmarjeet Kumar
 
CyberArk Online Training By Expert Trainer - itjobzone
CyberArk Online Training By Expert Trainer - itjobzoneCyberArk Online Training By Expert Trainer - itjobzone
CyberArk Online Training By Expert Trainer - itjobzoneITJobZone.biz
 
06 application security fundamentals - part 2 - security mechanisms - sessi...
06 application security fundamentals - part 2 - security mechanisms - sessi...06 application security fundamentals - part 2 - security mechanisms - sessi...
06 application security fundamentals - part 2 - security mechanisms - sessi...appsec
 
Breaking Fraud & Bot Detection Solutions
Breaking Fraud & Bot Detection SolutionsBreaking Fraud & Bot Detection Solutions
Breaking Fraud & Bot Detection SolutionsMayank Dhiman
 
Client server chat
Client server chatClient server chat
Client server chatFreelancer
 
ISC2_Cyber_Security_Notes.pdf
ISC2_Cyber_Security_Notes.pdfISC2_Cyber_Security_Notes.pdf
ISC2_Cyber_Security_Notes.pdfCCNAAccount
 
Re-defining Endpoint Protection: Preventing Compromise in the Face of Advance...
Re-defining Endpoint Protection: Preventing Compromise in the Face of Advance...Re-defining Endpoint Protection: Preventing Compromise in the Face of Advance...
Re-defining Endpoint Protection: Preventing Compromise in the Face of Advance...IBM Security
 
Hacker techniques for bypassing existing antivirus solutions & how to build a...
Hacker techniques for bypassing existing antivirus solutions & how to build a...Hacker techniques for bypassing existing antivirus solutions & how to build a...
Hacker techniques for bypassing existing antivirus solutions & how to build a...BeyondTrust
 
Beyond the OWASP Top 10
Beyond the OWASP Top 10Beyond the OWASP Top 10
Beyond the OWASP Top 10iphonepentest
 
10 tips for hardening your system
10 tips for hardening your system10 tips for hardening your system
10 tips for hardening your systemRevital Lapidot
 
10 tips for hardening your system
10 tips for hardening your system10 tips for hardening your system
10 tips for hardening your systemRevital Lapidot
 
Sailing through devlopment with legacy code
Sailing through devlopment with legacy codeSailing through devlopment with legacy code
Sailing through devlopment with legacy codeprasadkunte
 
LoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated CybersecurityLoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated CybersecurityRohit Kapoor
 

Similar to Kentico CMS 7 - Security improvements (20)

Got SIEM? Now what? Getting SIEM Work For You
Got SIEM? Now what? Getting SIEM Work For YouGot SIEM? Now what? Getting SIEM Work For You
Got SIEM? Now what? Getting SIEM Work For You
 
Hacking Virtual Appliances
Hacking Virtual AppliancesHacking Virtual Appliances
Hacking Virtual Appliances
 
Troubleshooting The Modern Managed Client - Workplace Nijna Summit 2020
Troubleshooting The Modern Managed Client - Workplace Nijna Summit 2020 Troubleshooting The Modern Managed Client - Workplace Nijna Summit 2020
Troubleshooting The Modern Managed Client - Workplace Nijna Summit 2020
 
Amarjeet_Updated_Resume
Amarjeet_Updated_ResumeAmarjeet_Updated_Resume
Amarjeet_Updated_Resume
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password Manager
 
IBM Connect 2014 SPOT114: No Compromise on Compliance: Streamline Administrat...
IBM Connect 2014 SPOT114: No Compromise on Compliance: Streamline Administrat...IBM Connect 2014 SPOT114: No Compromise on Compliance: Streamline Administrat...
IBM Connect 2014 SPOT114: No Compromise on Compliance: Streamline Administrat...
 
CyberArk Online Training By Expert Trainer - itjobzone
CyberArk Online Training By Expert Trainer - itjobzoneCyberArk Online Training By Expert Trainer - itjobzone
CyberArk Online Training By Expert Trainer - itjobzone
 
06 application security fundamentals - part 2 - security mechanisms - sessi...
06 application security fundamentals - part 2 - security mechanisms - sessi...06 application security fundamentals - part 2 - security mechanisms - sessi...
06 application security fundamentals - part 2 - security mechanisms - sessi...
 
Breaking Fraud & Bot Detection Solutions
Breaking Fraud & Bot Detection SolutionsBreaking Fraud & Bot Detection Solutions
Breaking Fraud & Bot Detection Solutions
 
Client server chat
Client server chatClient server chat
Client server chat
 
ISC2_Cyber_Security_Notes.pdf
ISC2_Cyber_Security_Notes.pdfISC2_Cyber_Security_Notes.pdf
ISC2_Cyber_Security_Notes.pdf
 
Re-defining Endpoint Protection: Preventing Compromise in the Face of Advance...
Re-defining Endpoint Protection: Preventing Compromise in the Face of Advance...Re-defining Endpoint Protection: Preventing Compromise in the Face of Advance...
Re-defining Endpoint Protection: Preventing Compromise in the Face of Advance...
 
Hacker techniques for bypassing existing antivirus solutions & how to build a...
Hacker techniques for bypassing existing antivirus solutions & how to build a...Hacker techniques for bypassing existing antivirus solutions & how to build a...
Hacker techniques for bypassing existing antivirus solutions & how to build a...
 
Beyond the OWASP Top 10
Beyond the OWASP Top 10Beyond the OWASP Top 10
Beyond the OWASP Top 10
 
10 tips for hardening your system
10 tips for hardening your system10 tips for hardening your system
10 tips for hardening your system
 
10 tips for hardening your system
10 tips for hardening your system10 tips for hardening your system
10 tips for hardening your system
 
Sailing through devlopment with legacy code
Sailing through devlopment with legacy codeSailing through devlopment with legacy code
Sailing through devlopment with legacy code
 
Authentication Management
Authentication ManagementAuthentication Management
Authentication Management
 
Isys20261 lecture 14
Isys20261 lecture 14Isys20261 lecture 14
Isys20261 lecture 14
 
LoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated CybersecurityLoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated Cybersecurity
 

More from Thomas Robbins

What’s in the box? Creating chance mechanics and rewards
What’s in the box? Creating chance mechanics and rewardsWhat’s in the box? Creating chance mechanics and rewards
What’s in the box? Creating chance mechanics and rewardsThomas Robbins
 
Getting started with Cloud Script
Getting started with Cloud ScriptGetting started with Cloud Script
Getting started with Cloud ScriptThomas Robbins
 
Say hello to the new PlayFab!
Say hello to the new PlayFab!Say hello to the new PlayFab!
Say hello to the new PlayFab!Thomas Robbins
 
Data-Driven Government: Explore the Four Pillars of Value
Data-Driven Government: Explore the Four Pillars of ValueData-Driven Government: Explore the Four Pillars of Value
Data-Driven Government: Explore the Four Pillars of ValueThomas Robbins
 
Financial Transparency Trailblazers
Financial Transparency TrailblazersFinancial Transparency Trailblazers
Financial Transparency TrailblazersThomas Robbins
 
Telling Stories with Open Data
Telling Stories with Open DataTelling Stories with Open Data
Telling Stories with Open DataThomas Robbins
 
Socrata Financial Transparency Suite
Socrata Financial Transparency Suite Socrata Financial Transparency Suite
Socrata Financial Transparency Suite Thomas Robbins
 
Socrata Service Connect
Socrata Service ConnectSocrata Service Connect
Socrata Service ConnectThomas Robbins
 
Leveraging Data to Engage Citizens and Drive Innovation
Leveraging Data to Engage Citizens and Drive InnovationLeveraging Data to Engage Citizens and Drive Innovation
Leveraging Data to Engage Citizens and Drive InnovationThomas Robbins
 
Using MVC with Kentico 8
Using MVC with Kentico 8Using MVC with Kentico 8
Using MVC with Kentico 8Thomas Robbins
 
Say hello to Kentico 8! Your integrated marketing solution has arrived
Say hello to Kentico 8! Your integrated marketing solution has arrivedSay hello to Kentico 8! Your integrated marketing solution has arrived
Say hello to Kentico 8! Your integrated marketing solution has arrivedThomas Robbins
 
One Size does Not Fit All: Selecting the Right Mobile StrategyKentico mobil...
One Size does Not Fit All: Selecting the Right Mobile StrategyKentico mobil...One Size does Not Fit All: Selecting the Right Mobile StrategyKentico mobil...
One Size does Not Fit All: Selecting the Right Mobile StrategyKentico mobil...Thomas Robbins
 
Getting started with MVC 5 and Visual Studio 2013
Getting started with MVC 5 and Visual Studio 2013Getting started with MVC 5 and Visual Studio 2013
Getting started with MVC 5 and Visual Studio 2013Thomas Robbins
 
Digital marketing best practices
Digital marketing best practices Digital marketing best practices
Digital marketing best practices Thomas Robbins
 
Do you speak digital marketing with Kentico CMS?
Do you speak digital marketing with Kentico CMS?Do you speak digital marketing with Kentico CMS?
Do you speak digital marketing with Kentico CMS?Thomas Robbins
 
Common questions for Windows Azure and Kentico CMS
Common questions for Windows Azure and Kentico CMSCommon questions for Windows Azure and Kentico CMS
Common questions for Windows Azure and Kentico CMSThomas Robbins
 
Advanced development with Windows Azure
Advanced development with Windows AzureAdvanced development with Windows Azure
Advanced development with Windows AzureThomas Robbins
 
Best Practices for Kentico CMS and Windows Azure
Best Practices for Kentico CMS and Windows AzureBest Practices for Kentico CMS and Windows Azure
Best Practices for Kentico CMS and Windows AzureThomas Robbins
 
Deployment options for Kentico CMS on Windows Azure
Deployment options for Kentico CMS on Windows AzureDeployment options for Kentico CMS on Windows Azure
Deployment options for Kentico CMS on Windows AzureThomas Robbins
 

More from Thomas Robbins (20)

What’s in the box? Creating chance mechanics and rewards
What’s in the box? Creating chance mechanics and rewardsWhat’s in the box? Creating chance mechanics and rewards
What’s in the box? Creating chance mechanics and rewards
 
Getting started with Cloud Script
Getting started with Cloud ScriptGetting started with Cloud Script
Getting started with Cloud Script
 
Say hello to the new PlayFab!
Say hello to the new PlayFab!Say hello to the new PlayFab!
Say hello to the new PlayFab!
 
Data-Driven Government: Explore the Four Pillars of Value
Data-Driven Government: Explore the Four Pillars of ValueData-Driven Government: Explore the Four Pillars of Value
Data-Driven Government: Explore the Four Pillars of Value
 
Financial Transparency Trailblazers
Financial Transparency TrailblazersFinancial Transparency Trailblazers
Financial Transparency Trailblazers
 
Telling Stories with Open Data
Telling Stories with Open DataTelling Stories with Open Data
Telling Stories with Open Data
 
Socrata Financial Transparency Suite
Socrata Financial Transparency Suite Socrata Financial Transparency Suite
Socrata Financial Transparency Suite
 
Socrata Service Connect
Socrata Service ConnectSocrata Service Connect
Socrata Service Connect
 
Leveraging Data to Engage Citizens and Drive Innovation
Leveraging Data to Engage Citizens and Drive InnovationLeveraging Data to Engage Citizens and Drive Innovation
Leveraging Data to Engage Citizens and Drive Innovation
 
Using MVC with Kentico 8
Using MVC with Kentico 8Using MVC with Kentico 8
Using MVC with Kentico 8
 
Here Comes Kentico 8
Here Comes Kentico 8Here Comes Kentico 8
Here Comes Kentico 8
 
Say hello to Kentico 8! Your integrated marketing solution has arrived
Say hello to Kentico 8! Your integrated marketing solution has arrivedSay hello to Kentico 8! Your integrated marketing solution has arrived
Say hello to Kentico 8! Your integrated marketing solution has arrived
 
One Size does Not Fit All: Selecting the Right Mobile StrategyKentico mobil...
One Size does Not Fit All: Selecting the Right Mobile StrategyKentico mobil...One Size does Not Fit All: Selecting the Right Mobile StrategyKentico mobil...
One Size does Not Fit All: Selecting the Right Mobile StrategyKentico mobil...
 
Getting started with MVC 5 and Visual Studio 2013
Getting started with MVC 5 and Visual Studio 2013Getting started with MVC 5 and Visual Studio 2013
Getting started with MVC 5 and Visual Studio 2013
 
Digital marketing best practices
Digital marketing best practices Digital marketing best practices
Digital marketing best practices
 
Do you speak digital marketing with Kentico CMS?
Do you speak digital marketing with Kentico CMS?Do you speak digital marketing with Kentico CMS?
Do you speak digital marketing with Kentico CMS?
 
Common questions for Windows Azure and Kentico CMS
Common questions for Windows Azure and Kentico CMSCommon questions for Windows Azure and Kentico CMS
Common questions for Windows Azure and Kentico CMS
 
Advanced development with Windows Azure
Advanced development with Windows AzureAdvanced development with Windows Azure
Advanced development with Windows Azure
 
Best Practices for Kentico CMS and Windows Azure
Best Practices for Kentico CMS and Windows AzureBest Practices for Kentico CMS and Windows Azure
Best Practices for Kentico CMS and Windows Azure
 
Deployment options for Kentico CMS on Windows Azure
Deployment options for Kentico CMS on Windows AzureDeployment options for Kentico CMS on Windows Azure
Deployment options for Kentico CMS on Windows Azure
 

Recently uploaded

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 

Recently uploaded (20)

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 

Kentico CMS 7 - Security improvements

  • 1. Kentico CMS 7: Security improvements Dominik Pinter, dominikp@kentico.com
  • 2. Agenda • New features • New system protections • Improvements of existing features • Tips, hints, best practices
  • 3. Have you met Sean? • Sean, agent 00111 • Security expert at XYZ company
  • 4. Users accounts are in danger! Task #1: Sean, make user accounts as secure as possible - Passwords: password format, password policy, password expiration, forgotten passwords retrieval, password hash salt - Disabling autocomplete - Invalid logon attempts - Delete all testing users before production! - Emergency reset of Administrator password - CMSAdminEmergencyReset web.config key
  • 5. What about user sessions? Task #2: Sean, mitigate a risk that someone can steal user session. - Session attacks protection - Clickjacking protection - Screen lock
  • 6. Modules, modules, modules … Task #3: Sean, don‘t forget about the modules! - E-mail confirmation for subscription – Newsletters, Forums, Blogs, message boards - ASCX layouts protection - Reporting module protection - Web parts: Where, OrderBy
  • 7. Q&A