Kentico CMS 7: Security improvements
Dominik Pinter, dominikp@kentico.com

Agenda

• New features
• New system protections
• Improvements of existing features
• Tips, hints, best practices
Have you met Sean?


• Sean, agent 00111
• Security expert at XYZ company
User accounts are in danger!

Task #1: Sean, make user accounts as secure as possible

- Passwords: password format, password policy, password expiration,
  forgotten password retrieval, password hash salt
- Disabling autocomplete
- Invalid logon attempts
- Delete all testing users before production!
- Emergency reset of Administrator password
  - CMSAdminEmergencyReset web.config key
What about user sessions?

Task #2: Sean, mitigate the risk that someone can steal a user session.

- Session attacks protection
- Clickjacking protection
- Screen lock
Modules, modules, modules …

Task #3: Sean, don't forget about the modules!

- E-mail confirmation for subscription – Newsletters, Forums, Blogs, message boards
- ASCX layouts protection
- Reporting module protection
- Web parts: Where, OrderBy
Q&A

Thank you

http://www.kentico.com
http://devnet.kentico.com
dominikp@kentico.com
