With security vulnerabilities like Log4j circling the news, it’s a great time to check in on your digital experience platform (DXP) to see how it stacks up against threats like these.
What is the Log4j security vulnerability?
Some websites that utilize Log4j Java components are vulnerable to major attacks. According to Microsoft, attackers provide a specially crafted string that is parsed and processed by a Log4j 2 vulnerable component, which triggers a vulnerability that allows unauthenticated remote code execution.
The great news is that websites powered by Kentico Xperience aren’t affected by the Log4j vulnerability because the underlying architecture is not built on Java.
Running your Kentico Xperience on Azure? Read the Microsoft Blog for more information.
How secure is Kentico Xperience?
At Kentico Xperience, security has always been one of the fundamental characteristics of our product. ISO 27001 certified and built on .NET technologies, means you don’t need to worry about vulnerabilities like Log4j.
We ensure our DXP undergoes regular security testing and security-focused code reviews. It means that you can rest assured that your website and data remain protected from threats.
In addition to the platform itself being secure, if your website is powered by Kentico Xperience, you can boost your security through:
- Anti-CSRF tokens
Thanks to Anti Cross-Site Request Forgery (CSRF) tokens you can increase the security of your website. With no reduction in the performance of your website, it protects against CSRF.
- Multiple security layers
With Kentico Xperience, you can create multiple security layers to separate data, administration, and the live site, boosting security across your entire website.
- Multiple authentication methods
If you’re wanting to protect your data, you can leverage forms authentication based on standard ASP.NET authentication, Windows authentication, claim-based, multi-factor, or social network authentication. It’s even possible to implement a custom authentication mechanism for your existing user databases or legacy systems.
- Defined users, roles, and permissions
Limit who has access to your website content and data. With Kentico Xperience, you can easily set up different user profiles with custom fields with different sets of permissions. There are options to import users from external systems and you can even let visitors create their own accounts. Plus, once users are set, you can leverage personalization-based permissions to restrict access to different content types, e.g. individual documents or pages.
- Double opt-in and reCAPTCHA
You can ask users to confirm their registration on your website via email and have the option to approve them before they can sign in to your website. Plus, it’s not just vulnerabilities like Log4j you need to protect yourself from. Spam and abuse can be mitigated to a degree by integrating Google reCAPTCHA.
Learn more about website security
Keeping your website security in check is always a solid move for any company wanting to maintain business continuity and mitigate financial loss.
Check out this blog from Juraj Komlosi, our Chief Information Security Officer at Kentico Xperience, to learn more about how you can prevent the devastating impact of a data breach with Kentico Xperience.
Alternatively, if you have a website that’s running on Kentico Xperience and you want to make sure it still complies with the latest security standards, book a security audit today.