November Happy Hour will be moved to Thursday December 5th.

AI OnAI Off

EPiServer 6 Security Analysis

andy.welch@cubeworks.co.uk
andy.welch@cubeworks.co.uk
Vote:
 

Can anyone point me in the direction of a Security Analysis paper that has been conducted on EPiServer? I have looked on the EPiServer site but can't find anything that talks about the type of security that is used on the logins, or how common vulnerable areas are dealt with i.e. Contact Forms etc  

#39860
Jun 03, 2010 17:48
Lars Bodahl
Lars Bodahl
Vote:
 

Frederik Vig has put together a great collection of EPiServer information. You could start by checking out:
http://www.frederikvig.com/2010/05/episerver-developer-resources/#toc-security-membership-roles
http://www.frederikvig.com/2010/05/episerver-developer-resources/#toc-configuration

EPiServer uses standard Microsoft .Net membership providers, so you could look at Microsoft documentation as well:
http://msdn.microsoft.com/en-us/library/system.web.security.membershipprovider.aspx

I don't think there's a security analysis paper available from EPiServer, but we had a third party do a security test on a solution I was working on, and they did not find any remarks regarding EPiServer and security.

#39876
Jun 04, 2010 8:12
andy.welch@cubeworks.co.uk
andy.welch@cubeworks.co.uk
Vote:
 

Nice one, thanks for the information. 

#39881
Jun 04, 2010 11:22
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.