Kentico CMS 7 - Security improvements

1,449 views

Published on

Kentico takes security seriously and security improvements are an important part of any new release. Password expiration and policy enforcement, are just a few of the new security improvements in Kentico CMS 7. in this interactive and demo filled session we looked at the new security improvements in Kentico CMS 7.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,449
On SlideShare
0
From Embeds
0
Number of Embeds
70
Actions
Shares
0
Downloads
11
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Kentico CMS 7 - Security improvements

  1. 1. Kentico CMS 7: SecurityimprovementsDominik Pinter, dominikp@kentico.com
  2. 2. Agenda• New features• New system protections• Improvements of existing features• Tips, hints, best practices
  3. 3. Have you met Sean?• Sean, agent 00111• Security expert at XYZ company
  4. 4. Users accounts are in danger!Task #1: Sean, make user accounts as secure as possible- Passwords: password format, password policy, password expiration, forgotten passwords retrieval, password hash salt- Disabling autocomplete- Invalid logon attempts- Delete all testing users before production!- Emergency reset of Administrator password - CMSAdminEmergencyReset web.config key
  5. 5. What about user sessions?Task #2: Sean, mitigate a risk that someone cansteal user session.- Session attacks protection- Clickjacking protection- Screen lock
  6. 6. Modules, modules, modules …Task #3: Sean, don‘t forget about the modules!- E-mail confirmation for subscription – Newsletters, Forums, Blogs, message boards- ASCX layouts protection- Reporting module protection- Web parts: Where, OrderBy
  7. 7. Q&A
  8. 8. Thank you http://www.kentico.comhttp://devnet.kentico.com dominikp@kentico.com

×