Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Kentico CMS 7 - Security improvements


Published on

Kentico takes security seriously and security improvements are an important part of any new release. Password expiration and policy enforcement, are just a few of the new security improvements in Kentico CMS 7. in this interactive and demo filled session we looked at the new security improvements in Kentico CMS 7.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Kentico CMS 7 - Security improvements

  1. 1. Kentico CMS 7: SecurityimprovementsDominik Pinter,
  2. 2. Agenda• New features• New system protections• Improvements of existing features• Tips, hints, best practices
  3. 3. Have you met Sean?• Sean, agent 00111• Security expert at XYZ company
  4. 4. Users accounts are in danger!Task #1: Sean, make user accounts as secure as possible- Passwords: password format, password policy, password expiration, forgotten passwords retrieval, password hash salt- Disabling autocomplete- Invalid logon attempts- Delete all testing users before production!- Emergency reset of Administrator password - CMSAdminEmergencyReset web.config key
  5. 5. What about user sessions?Task #2: Sean, mitigate a risk that someone cansteal user session.- Session attacks protection- Clickjacking protection- Screen lock
  6. 6. Modules, modules, modules …Task #3: Sean, don‘t forget about the modules!- E-mail confirmation for subscription – Newsletters, Forums, Blogs, message boards- ASCX layouts protection- Reporting module protection- Web parts: Where, OrderBy
  7. 7. Q&A
  8. 8. Thank you http://www.kentico.com