O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

Kentico CMS 7 - Security improvements

1.522 visualizações

Publicada em

Kentico takes security seriously and security improvements are an important part of any new release. Password expiration and policy enforcement, are just a few of the new security improvements in Kentico CMS 7. in this interactive and demo filled session we looked at the new security improvements in Kentico CMS 7.

Publicada em: Tecnologia
  • Seja o primeiro a comentar

  • Seja a primeira pessoa a gostar disto

Kentico CMS 7 - Security improvements

  1. 1. Kentico CMS 7: SecurityimprovementsDominik Pinter, dominikp@kentico.com
  2. 2. Agenda• New features• New system protections• Improvements of existing features• Tips, hints, best practices
  3. 3. Have you met Sean?• Sean, agent 00111• Security expert at XYZ company
  4. 4. Users accounts are in danger!Task #1: Sean, make user accounts as secure as possible- Passwords: password format, password policy, password expiration, forgotten passwords retrieval, password hash salt- Disabling autocomplete- Invalid logon attempts- Delete all testing users before production!- Emergency reset of Administrator password - CMSAdminEmergencyReset web.config key
  5. 5. What about user sessions?Task #2: Sean, mitigate a risk that someone cansteal user session.- Session attacks protection- Clickjacking protection- Screen lock
  6. 6. Modules, modules, modules …Task #3: Sean, don‘t forget about the modules!- E-mail confirmation for subscription – Newsletters, Forums, Blogs, message boards- ASCX layouts protection- Reporting module protection- Web parts: Where, OrderBy
  7. 7. Q&A
  8. 8. Thank you http://www.kentico.comhttp://devnet.kentico.com dominikp@kentico.com