DevNet Author Profile

Kentico unsupported versions might be at risk

Juraj Komlosi — Fri, 02 Dec 2022 08:29:58 GMT

In recent days, we have been informed by several customers that their (unsupported) Kentico instances have been compromised by advertisement malware. Our strong recommendation is to keep your instances updated. Based on the Product Support Lifecycle Policy, Kentico regularly releases security patches for Kentico 12, Kentico Xperience 13 and Xperience by Kentico. If your website is built on an older version (e.g. Kentico 8 - Kentico 11) then you could be a potential target for attackers.

Kentico Xperience Private Bug Bounty Program

Juraj Komlosi — Wed, 23 Feb 2022 12:00:00 GMT

Today we're really excited to announce the opening of the Kentico Xperience Private Bug Bounty Program.

TLS 1.2 support

Juraj Komlosi — Thu, 31 Mar 2016 14:00:00 GMT

Since SSL is considered an outdated technology and may be subject to security vulnerabilities in the future, it is strongly recommended to use TLS v1.1 or newer if possible.

Protection against Cross-site request forgery (CSRF, XSRF)

Juraj Komlosi — Wed, 25 Mar 2015 15:00:00 GMT

Cross-site request forgery (CSRF) is one of the most common web applications vulnerabilities. In 2013 it was ranked number 8 in OWASP’s TOP 10 document. In this article I am going to explain what is the CSRF vulnerability and the available protection methods.

Security - Avoiding SQL Injection (SQLi)

Juraj Komlosi — Wed, 03 Dec 2014 12:30:23 GMT

SQL injection is one of the most dangerous threats against web applications. Therefore, it is really important to pay extra attention to avoiding SQL injection. Every successful attack may compromise sensitive data or lead to privilege escalation.

Security - Avoiding Cross-site Scripting (XSS)

Juraj Komlosi — Wed, 26 Nov 2014 11:53:37 GMT

In this article I will describe how cross-site scripting (XSS) works and how to write secure code to avoid this vulnerability. OWASP pages classify cross-site scripting as a high severity vulnerability. XSS is also one of the most frequently exploited vulnerabilities in web applications.

Page macro expressions security

Juraj Komlosi — Thu, 06 Nov 2014 15:53:47 GMT

The macro engine is a powerful option you can use when developing your web project. Page macros are just one part of this engine. Since changes have been made to the page macro’s security in hotfix 8.1.11, this article will primarily focus on page macro expressions and the appropriate security check you should be aware of.

New version of Windows Azure deployment script

Juraj Komlosi — Thu, 30 May 2013 04:06:43 GMT

We have updated our deployment script with new cmdlets included in the latest Windows Azure Powershell (May 2013). If you want to know what’s new, please read my short blog post.

Security improvements in Kentico CMS 7

Juraj Komlosi — Thu, 17 May 2012 06:40:30 GMT

We at Kentico take the security of our product very seriously. That’s why we implement security improvements into every new version. Kentico CMS 7 is not an exception, so let‘s take a look at what’s new.

Windows Azure deployment script on Kentico Marketplace

Juraj Komlosi — Sun, 29 Apr 2012 23:51:15 GMT

Using this PowerShell script, you can easily deploy a Kentico CMS website to Windows Azure. You only have to do three easy steps and run the script.