Juraj Komlosi Kentico Software s.r.o.

In recent days, we have been informed by several customers that their (unsupported) Kentico instances have been compromised by advertisement malware. Our strong recommendation is to keep your instances updated. Based on the Product Support Lifecycle Policy, Kentico regularly releases security patches for Kentico 12, Kentico Xperience 13 and Xperience by Kentico. If your website is built on an older version (e.g. Kentico 8 - Kentico 11) then you could be a potential target for attackers.

Today we're really excited to announce the opening of the Kentico Xperience Private Bug Bounty Program.

Since SSL is considered an outdated technology and may be subject to security vulnerabilities in the future, it is strongly recommended to use TLS v1.1 or newer if possible.

Cross-site request forgery (CSRF) is one of the most common web applications vulnerabilities. In 2013 it was ranked number 8 in OWASP’s TOP 10 document. In this article I am going to explain what is the CSRF vulnerability and the available protection methods.

SQL injection is one of the most dangerous threats against web applications. Therefore, it is really important to pay extra attention to avoiding SQL injection. Every successful attack may compromise sensitive data or lead to privilege escalation.

In this article I will describe how cross-site scripting (XSS) works and how to write secure code to avoid this vulnerability. OWASP pages classify cross-site scripting as a high severity vulnerability. XSS is also one of the most frequently exploited vulnerabilities in web applications.

The macro engine is a powerful option you can use when developing your web project. Page macros are just one part of this engine. Since changes have been made to the page macro’s security in hotfix 8.1.11, this article will primarily focus on page macro expressions and the appropriate security check you should be aware of.

We have updated our deployment script with new cmdlets included in the latest Windows Azure Powershell (May 2013). If you want to know what’s new, please read my short blog post.

We at Kentico take the security of our product very seriously. That’s why we implement security improvements into every new version. Kentico CMS 7 is not an exception, so let‘s take a look at what’s new.

Using this PowerShell script, you can easily deploy a Kentico CMS website to Windows Azure. You only have to do three easy steps and run the script.