SlideShare a Scribd company logo

Kentico CMS 7 - Security improvements

Download as PPTX, PDF
Thomas Robbins
Thomas Robbins

Kentico takes security seriously and security improvements are an important part of any new release. Password expiration and policy enforcement, are just a few of the new security improvements in Kentico CMS 7. in this interactive and demo filled session we looked at the new security improvements in Kentico CMS 7.

Technology
1 of 8
Kentico CMS 7: Security improvements Dominik Pinter, dominikp@kentico.com
Agenda • New features • New system protections • Improvements of existing features • Tips, hints, best practices
Have you met Sean? • Sean, agent 00111 • Security expert at XYZ company
Users accounts are in danger! Task #1: Sean, make user accounts as secure as possible - Passwords: password format, password policy, password expiration, forgotten passwords retrieval, password hash salt - Disabling autocomplete - Invalid logon attempts - Delete all testing users before production! - Emergency reset of Administrator password - CMSAdminEmergencyReset web.config key
What about user sessions? Task #2: Sean, mitigate a risk that someone can steal user session. - Session attacks protection - Clickjacking protection - Screen lock
Modules, modules, modules … Task #3: Sean, don‘t forget about the modules! - E-mail confirmation for subscription – Newsletters, Forums, Blogs, message boards - ASCX layouts protection - Reporting module protection - Web parts: Where, OrderBy
Q&A
Thank you http://www.kentico.com http://devnet.kentico.com dominikp@kentico.com

Recommended

Aboutme 12983064135624 Phpapp01
Aboutme 12983064135624 Phpapp01Aboutme 12983064135624 Phpapp01
Aboutme 12983064135624 Phpapp01
Irena90
 
About Me
About MeAbout Me
About Me
Irena90
 
PlayFab Advanced Cloud Script
PlayFab Advanced Cloud ScriptPlayFab Advanced Cloud Script
PlayFab Advanced Cloud Script
Thomas Robbins
 
CMS and security / privacy
CMS and security / privacyCMS and security / privacy
CMS and security / privacy
ImpessCMS
 
Security CMS - Opensoure2Day event
Security CMS - Opensoure2Day eventSecurity CMS - Opensoure2Day event
Security CMS - Opensoure2Day event
Akarawuth Tamrareang
 
CMS Website Security Threat Protection Oriented Analyzer System
CMS Website Security Threat Protection Oriented Analyzer SystemCMS Website Security Threat Protection Oriented Analyzer System
CMS Website Security Threat Protection Oriented Analyzer System
Editor IJCATR
 
Magazine Het Ondernemersbelang de Noordelijke Maasvallei 0312
Magazine Het Ondernemersbelang de Noordelijke Maasvallei 0312Magazine Het Ondernemersbelang de Noordelijke Maasvallei 0312
Magazine Het Ondernemersbelang de Noordelijke Maasvallei 0312
HetOndernemersBelang
 
Joomla!Day Switzerland 2013 - Ruth Cheesley - SEO for Mythbusters
Joomla!Day Switzerland 2013 - Ruth Cheesley - SEO for MythbustersJoomla!Day Switzerland 2013 - Ruth Cheesley - SEO for Mythbusters
Joomla!Day Switzerland 2013 - Ruth Cheesley - SEO for Mythbusters
Ruth Cheesley
 

Recommended

Aboutme 12983064135624 Phpapp01
Aboutme 12983064135624 Phpapp01Aboutme 12983064135624 Phpapp01
Aboutme 12983064135624 Phpapp01
Irena90
 
About Me
About MeAbout Me
About Me
Irena90
 
PlayFab Advanced Cloud Script
PlayFab Advanced Cloud ScriptPlayFab Advanced Cloud Script
PlayFab Advanced Cloud Script
Thomas Robbins
 
CMS and security / privacy
CMS and security / privacyCMS and security / privacy
CMS and security / privacy
ImpessCMS
 
Security CMS - Opensoure2Day event
Security CMS - Opensoure2Day eventSecurity CMS - Opensoure2Day event
Security CMS - Opensoure2Day event
Akarawuth Tamrareang
 
CMS Website Security Threat Protection Oriented Analyzer System
CMS Website Security Threat Protection Oriented Analyzer SystemCMS Website Security Threat Protection Oriented Analyzer System
CMS Website Security Threat Protection Oriented Analyzer System
Editor IJCATR
 
Magazine Het Ondernemersbelang de Noordelijke Maasvallei 0312
Magazine Het Ondernemersbelang de Noordelijke Maasvallei 0312Magazine Het Ondernemersbelang de Noordelijke Maasvallei 0312
Magazine Het Ondernemersbelang de Noordelijke Maasvallei 0312
HetOndernemersBelang
 
Joomla!Day Switzerland 2013 - Ruth Cheesley - SEO for Mythbusters
Joomla!Day Switzerland 2013 - Ruth Cheesley - SEO for MythbustersJoomla!Day Switzerland 2013 - Ruth Cheesley - SEO for Mythbusters
Joomla!Day Switzerland 2013 - Ruth Cheesley - SEO for Mythbusters
Ruth Cheesley
 
CMS Security - Ruth Cheesley - CMS Africa 2014
CMS Security - Ruth Cheesley - CMS Africa 2014CMS Security - Ruth Cheesley - CMS Africa 2014
CMS Security - Ruth Cheesley - CMS Africa 2014
Ruth Cheesley
 
Wordpress and Your Brand
Wordpress and Your BrandWordpress and Your Brand
Wordpress and Your Brand
Sara Cannon
 
Introduction to Drupal (7) Theming
Introduction to Drupal (7) ThemingIntroduction to Drupal (7) Theming
Introduction to Drupal (7) Theming
Robert Carr
 
Building and Maintaining Open Source Project - YWC14
Building and Maintaining Open Source Project - YWC14Building and Maintaining Open Source Project - YWC14
Building and Maintaining Open Source Project - YWC14
Akarawuth Tamrareang
 
Content Management Systems
Content Management SystemsContent Management Systems
Content Management Systems
sahig123
 
Killing Churn with Totango and Salesforce
Killing Churn with Totango and SalesforceKilling Churn with Totango and Salesforce
Killing Churn with Totango and Salesforce
Totango
 
Content Management Systems
Content Management SystemsContent Management Systems
Content Management Systems
Kowshar Ahmed
 
Content Management System
Content Management SystemContent Management System
Content Management System
Deepak Devadasan
 
CMS (CONTENT MANAGEMENT SYSTEM)
CMS (CONTENT MANAGEMENT SYSTEM)CMS (CONTENT MANAGEMENT SYSTEM)
CMS (CONTENT MANAGEMENT SYSTEM)
Aaina Katyal
 
What is a Content Management System or CMS
What is a Content Management System or CMSWhat is a Content Management System or CMS
What is a Content Management System or CMS
Steve Williams
 
Content Management System
Content Management SystemContent Management System
Content Management System
Anand Subramaniam
 
Content Management System
Content Management SystemContent Management System
Content Management System
OmnePresent
 
Got SIEM? Now what? Getting SIEM Work For You
Got SIEM? Now what? Getting SIEM Work For YouGot SIEM? Now what? Getting SIEM Work For You
Got SIEM? Now what? Getting SIEM Work For You
Anton Chuvakin
 
Hacking Virtual Appliances
Hacking Virtual AppliancesHacking Virtual Appliances
Hacking Virtual Appliances
Jeremy Brown
 
Troubleshooting The Modern Managed Client - Workplace Nijna Summit 2020
Troubleshooting The Modern Managed Client - Workplace Nijna Summit 2020 Troubleshooting The Modern Managed Client - Workplace Nijna Summit 2020
Troubleshooting The Modern Managed Client - Workplace Nijna Summit 2020
Ronni Pedersen
 
Amarjeet_Updated_Resume
Amarjeet_Updated_ResumeAmarjeet_Updated_Resume
Amarjeet_Updated_Resume
Amarjeet Kumar
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password Manager
Hitachi ID Systems, Inc.
 
IBM Connect 2014 SPOT114: No Compromise on Compliance: Streamline Administrat...
IBM Connect 2014 SPOT114: No Compromise on Compliance: Streamline Administrat...IBM Connect 2014 SPOT114: No Compromise on Compliance: Streamline Administrat...
IBM Connect 2014 SPOT114: No Compromise on Compliance: Streamline Administrat...
BCC - Solutions for IBM Collaboration Software
 
CyberArk Online Training By Expert Trainer - itjobzone
CyberArk Online Training By Expert Trainer - itjobzoneCyberArk Online Training By Expert Trainer - itjobzone
CyberArk Online Training By Expert Trainer - itjobzone
ITJobZone.biz
 
06 application security fundamentals - part 2 - security mechanisms - sessi...
06 application security fundamentals - part 2 - security mechanisms - sessi...06 application security fundamentals - part 2 - security mechanisms - sessi...
06 application security fundamentals - part 2 - security mechanisms - sessi...
appsec
 
Breaking Fraud & Bot Detection Solutions
Breaking Fraud & Bot Detection SolutionsBreaking Fraud & Bot Detection Solutions
Breaking Fraud & Bot Detection Solutions
Mayank Dhiman
 
Client server chat
Client server chatClient server chat
Client server chat
Freelancer
 

More Related Content

Viewers also liked

Content Management Systems
Content Management SystemsContent Management Systems
Content Management Systems
Kowshar Ahmed
 
CMS (CONTENT MANAGEMENT SYSTEM)
CMS (CONTENT MANAGEMENT SYSTEM)CMS (CONTENT MANAGEMENT SYSTEM)
CMS (CONTENT MANAGEMENT SYSTEM)
Aaina Katyal
 

Viewers also liked (12)

CMS Security - Ruth Cheesley - CMS Africa 2014
CMS Security - Ruth Cheesley - CMS Africa 2014CMS Security - Ruth Cheesley - CMS Africa 2014
CMS Security - Ruth Cheesley - CMS Africa 2014
 
Wordpress and Your Brand
Wordpress and Your BrandWordpress and Your Brand
Wordpress and Your Brand
 
Introduction to Drupal (7) Theming
Introduction to Drupal (7) ThemingIntroduction to Drupal (7) Theming
Introduction to Drupal (7) Theming
 
Building and Maintaining Open Source Project - YWC14
Building and Maintaining Open Source Project - YWC14Building and Maintaining Open Source Project - YWC14
Building and Maintaining Open Source Project - YWC14
 
Content Management Systems
Content Management SystemsContent Management Systems
Content Management Systems
 
Killing Churn with Totango and Salesforce
Killing Churn with Totango and SalesforceKilling Churn with Totango and Salesforce
Killing Churn with Totango and Salesforce
 
Content Management Systems
Content Management SystemsContent Management Systems
Content Management Systems
 
Content Management System
Content Management SystemContent Management System
Content Management System
 
CMS (CONTENT MANAGEMENT SYSTEM)
CMS (CONTENT MANAGEMENT SYSTEM)CMS (CONTENT MANAGEMENT SYSTEM)
CMS (CONTENT MANAGEMENT SYSTEM)
 
What is a Content Management System or CMS
What is a Content Management System or CMSWhat is a Content Management System or CMS
What is a Content Management System or CMS
 
Content Management System
Content Management SystemContent Management System
Content Management System
 
Content Management System
Content Management SystemContent Management System
Content Management System
 

Similar to Kentico CMS 7 - Security improvements

Got SIEM? Now what? Getting SIEM Work For You
Got SIEM? Now what? Getting SIEM Work For YouGot SIEM? Now what? Getting SIEM Work For You
Got SIEM? Now what? Getting SIEM Work For You
Anton Chuvakin
 
Hacking Virtual Appliances
Hacking Virtual AppliancesHacking Virtual Appliances
Hacking Virtual Appliances
Jeremy Brown
 
Amarjeet_Updated_Resume
Amarjeet_Updated_ResumeAmarjeet_Updated_Resume
Amarjeet_Updated_Resume
Amarjeet Kumar
 
IBM Connect 2014 SPOT114: No Compromise on Compliance: Streamline Administrat...
IBM Connect 2014 SPOT114: No Compromise on Compliance: Streamline Administrat...IBM Connect 2014 SPOT114: No Compromise on Compliance: Streamline Administrat...
IBM Connect 2014 SPOT114: No Compromise on Compliance: Streamline Administrat...
BCC - Solutions for IBM Collaboration Software
 
CyberArk Online Training By Expert Trainer - itjobzone
CyberArk Online Training By Expert Trainer - itjobzoneCyberArk Online Training By Expert Trainer - itjobzone
CyberArk Online Training By Expert Trainer - itjobzone
ITJobZone.biz
 
Hacker techniques for bypassing existing antivirus solutions & how to build a...
Hacker techniques for bypassing existing antivirus solutions & how to build a...Hacker techniques for bypassing existing antivirus solutions & how to build a...
Hacker techniques for bypassing existing antivirus solutions & how to build a...
BeyondTrust
 

Similar to Kentico CMS 7 - Security improvements (20)

Got SIEM? Now what? Getting SIEM Work For You
Got SIEM? Now what? Getting SIEM Work For YouGot SIEM? Now what? Getting SIEM Work For You
Got SIEM? Now what? Getting SIEM Work For You
 
Hacking Virtual Appliances
Hacking Virtual AppliancesHacking Virtual Appliances
Hacking Virtual Appliances
 
Troubleshooting The Modern Managed Client - Workplace Nijna Summit 2020
Troubleshooting The Modern Managed Client - Workplace Nijna Summit 2020 Troubleshooting The Modern Managed Client - Workplace Nijna Summit 2020
Troubleshooting The Modern Managed Client - Workplace Nijna Summit 2020
 
Amarjeet_Updated_Resume
Amarjeet_Updated_ResumeAmarjeet_Updated_Resume
Amarjeet_Updated_Resume
 
Hitachi ID Password Manager
Hitachi ID Password ManagerHitachi ID Password Manager
Hitachi ID Password Manager
 
IBM Connect 2014 SPOT114: No Compromise on Compliance: Streamline Administrat...
IBM Connect 2014 SPOT114: No Compromise on Compliance: Streamline Administrat...IBM Connect 2014 SPOT114: No Compromise on Compliance: Streamline Administrat...
IBM Connect 2014 SPOT114: No Compromise on Compliance: Streamline Administrat...
 
CyberArk Online Training By Expert Trainer - itjobzone
CyberArk Online Training By Expert Trainer - itjobzoneCyberArk Online Training By Expert Trainer - itjobzone
CyberArk Online Training By Expert Trainer - itjobzone
 
06 application security fundamentals - part 2 - security mechanisms - sessi...
06 application security fundamentals - part 2 - security mechanisms - sessi...06 application security fundamentals - part 2 - security mechanisms - sessi...
06 application security fundamentals - part 2 - security mechanisms - sessi...
 
Breaking Fraud & Bot Detection Solutions
Breaking Fraud & Bot Detection SolutionsBreaking Fraud & Bot Detection Solutions
Breaking Fraud & Bot Detection Solutions
 
Client server chat
Client server chatClient server chat
Client server chat
 
ISC2_Cyber_Security_Notes.pdf
ISC2_Cyber_Security_Notes.pdfISC2_Cyber_Security_Notes.pdf
ISC2_Cyber_Security_Notes.pdf
 
Re-defining Endpoint Protection: Preventing Compromise in the Face of Advance...
Re-defining Endpoint Protection: Preventing Compromise in the Face of Advance...Re-defining Endpoint Protection: Preventing Compromise in the Face of Advance...
Re-defining Endpoint Protection: Preventing Compromise in the Face of Advance...
 
Hacker techniques for bypassing existing antivirus solutions & how to build a...
Hacker techniques for bypassing existing antivirus solutions & how to build a...Hacker techniques for bypassing existing antivirus solutions & how to build a...
Hacker techniques for bypassing existing antivirus solutions & how to build a...
 
Beyond the OWASP Top 10
Beyond the OWASP Top 10Beyond the OWASP Top 10
Beyond the OWASP Top 10
 
10 tips for hardening your system
10 tips for hardening your system10 tips for hardening your system
10 tips for hardening your system
 
10 tips for hardening your system
10 tips for hardening your system10 tips for hardening your system
10 tips for hardening your system
 
Sailing through devlopment with legacy code
Sailing through devlopment with legacy codeSailing through devlopment with legacy code
Sailing through devlopment with legacy code
 
Authentication Management
Authentication ManagementAuthentication Management
Authentication Management
 
Isys20261 lecture 14
Isys20261 lecture 14Isys20261 lecture 14
Isys20261 lecture 14
 
LoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated CybersecurityLoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated Cybersecurity
 

More from Thomas Robbins

What’s in the box? Creating chance mechanics and rewards
What’s in the box? Creating chance mechanics and rewardsWhat’s in the box? Creating chance mechanics and rewards
What’s in the box? Creating chance mechanics and rewards
Thomas Robbins
 
Data-Driven Government: Explore the Four Pillars of Value
Data-Driven Government: Explore the Four Pillars of ValueData-Driven Government: Explore the Four Pillars of Value
Data-Driven Government: Explore the Four Pillars of Value
Thomas Robbins
 
One Size does Not Fit All: Selecting the Right Mobile StrategyKentico mobil...
One Size does Not Fit All: Selecting the Right Mobile StrategyKentico mobil...One Size does Not Fit All: Selecting the Right Mobile StrategyKentico mobil...
One Size does Not Fit All: Selecting the Right Mobile StrategyKentico mobil...
Thomas Robbins
 

More from Thomas Robbins (20)

What’s in the box? Creating chance mechanics and rewards
What’s in the box? Creating chance mechanics and rewardsWhat’s in the box? Creating chance mechanics and rewards
What’s in the box? Creating chance mechanics and rewards
 
Getting started with Cloud Script
Getting started with Cloud ScriptGetting started with Cloud Script
Getting started with Cloud Script
 
Say hello to the new PlayFab!
Say hello to the new PlayFab!Say hello to the new PlayFab!
Say hello to the new PlayFab!
 
Data-Driven Government: Explore the Four Pillars of Value
Data-Driven Government: Explore the Four Pillars of ValueData-Driven Government: Explore the Four Pillars of Value
Data-Driven Government: Explore the Four Pillars of Value
 
Financial Transparency Trailblazers
Financial Transparency TrailblazersFinancial Transparency Trailblazers
Financial Transparency Trailblazers
 
Telling Stories with Open Data
Telling Stories with Open DataTelling Stories with Open Data
Telling Stories with Open Data
 
Socrata Financial Transparency Suite
Socrata Financial Transparency Suite Socrata Financial Transparency Suite
Socrata Financial Transparency Suite
 
Socrata Service Connect
Socrata Service ConnectSocrata Service Connect
Socrata Service Connect
 
Leveraging Data to Engage Citizens and Drive Innovation
Leveraging Data to Engage Citizens and Drive InnovationLeveraging Data to Engage Citizens and Drive Innovation
Leveraging Data to Engage Citizens and Drive Innovation
 
Using MVC with Kentico 8
Using MVC with Kentico 8Using MVC with Kentico 8
Using MVC with Kentico 8
 
Here Comes Kentico 8
Here Comes Kentico 8Here Comes Kentico 8
Here Comes Kentico 8
 
Say hello to Kentico 8! Your integrated marketing solution has arrived
Say hello to Kentico 8! Your integrated marketing solution has arrivedSay hello to Kentico 8! Your integrated marketing solution has arrived
Say hello to Kentico 8! Your integrated marketing solution has arrived
 
One Size does Not Fit All: Selecting the Right Mobile StrategyKentico mobil...
One Size does Not Fit All: Selecting the Right Mobile StrategyKentico mobil...One Size does Not Fit All: Selecting the Right Mobile StrategyKentico mobil...
One Size does Not Fit All: Selecting the Right Mobile StrategyKentico mobil...
 
Getting started with MVC 5 and Visual Studio 2013
Getting started with MVC 5 and Visual Studio 2013Getting started with MVC 5 and Visual Studio 2013
Getting started with MVC 5 and Visual Studio 2013
 
Digital marketing best practices
Digital marketing best practices Digital marketing best practices
Digital marketing best practices
 
Do you speak digital marketing with Kentico CMS?
Do you speak digital marketing with Kentico CMS?Do you speak digital marketing with Kentico CMS?
Do you speak digital marketing with Kentico CMS?
 
Common questions for Windows Azure and Kentico CMS
Common questions for Windows Azure and Kentico CMSCommon questions for Windows Azure and Kentico CMS
Common questions for Windows Azure and Kentico CMS
 
Advanced development with Windows Azure
Advanced development with Windows AzureAdvanced development with Windows Azure
Advanced development with Windows Azure
 
Best Practices for Kentico CMS and Windows Azure
Best Practices for Kentico CMS and Windows AzureBest Practices for Kentico CMS and Windows Azure
Best Practices for Kentico CMS and Windows Azure
 
Deployment options for Kentico CMS on Windows Azure
Deployment options for Kentico CMS on Windows AzureDeployment options for Kentico CMS on Windows Azure
Deployment options for Kentico CMS on Windows Azure
 

Recently uploaded

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Recently uploaded (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 

Kentico CMS 7 - Security improvements

  • 1. Kentico CMS 7: Security improvements Dominik Pinter, dominikp@kentico.com
  • 2. Agenda • New features • New system protections • Improvements of existing features • Tips, hints, best practices
  • 3. Have you met Sean? • Sean, agent 00111 • Security expert at XYZ company
  • 4. Users accounts are in danger! Task #1: Sean, make user accounts as secure as possible - Passwords: password format, password policy, password expiration, forgotten passwords retrieval, password hash salt - Disabling autocomplete - Invalid logon attempts - Delete all testing users before production! - Emergency reset of Administrator password - CMSAdminEmergencyReset web.config key
  • 5. What about user sessions? Task #2: Sean, mitigate a risk that someone can steal user session. - Session attacks protection - Clickjacking protection - Screen lock
  • 6. Modules, modules, modules … Task #3: Sean, don‘t forget about the modules! - E-mail confirmation for subscription – Newsletters, Forums, Blogs, message boards - ASCX layouts protection - Reporting module protection - Web parts: Where, OrderBy
  • 7. Q&A