Kentico takes security seriously, and security improvements are an important part of any new release. Password expiration and policy enforcement are just a few of the new security improvements in Kentico CMS 7. In this interactive and demo-filled session we looked at the new security improvements in Kentico CMS 7.
2. Agenda
• New features
• New system protections
• Improvements of existing features
• Tips, hints, best practices
3. Have you met Sean?
• Sean, agent 00111
• Security expert at XYZ company
4. User accounts are in danger!
Task #1: Sean, make user accounts as secure as possible
- Passwords: password format, password policy, password expiration, forgotten password retrieval, password hash salt
- Disabling autocomplete
- Invalid logon attempts
- Delete all testing users before production!
- Emergency reset of Administrator password
- CMSAdminEmergencyReset web.config key
5. What about user sessions?
Task #2: Sean, mitigate the risk that someone can steal a user session.
- Session attacks protection
- Clickjacking protection
- Screen lock
6. Modules, modules, modules …
Task #3: Sean, don't forget about the modules!
- E-mail confirmation for subscription – Newsletters, Forums, Blogs, message boards
- ASCX layouts protection
- Reporting module protection
- Web parts: Where, OrderBy