Security Facts of Kentico CMS 7.0
This document describes how security is handled in Kentico CMS. It does not give a full list of all possibilities in the described topics. Instead, it focuses on the most common scenarios and gives the reader the whole picture from a broad perspective.
To fully understand this document, basic knowledge of Kentico CMS is required. The last part of the document introduces new features which will be part of the next version of Kentico CMS.
Elements which mitigate the risk of security vulnerabilities in Kentico CMS
- The design of each new module/functionality is reviewed by a security expert according to various security standards.
- All developers and testers are continually trained in order to write secure code. Some of the practices used can be found in the Kentico CMS Security White Paper.
- All our production code is reviewed by a Technical leader, the CTO and a Security expert.
- All our functionality is verified by QA (quality assurance) tests. Among other things, these tests are focused on security.
- Within the development department, there is one internal security team which periodically searches for security flaws in Kentico CMS code and its functionality.
- Both the production and development versions of Kentico CMS are periodically scanned by an automatic Web application security tool. Currently, we are using Acunetix web vulnerability scanner for this purpose.
- Every released version of Kentico CMS contains several new security features and enhancements (see the last chapter for details on what the next version of Kentico CMS will bring).
- All security vulnerabilities found in production code are fixed within 7 days.