DotNetNuke (DNN) is a leader in open source content management system (CMS) for enterprises and it is the most widely used as a web CMS for Microsoft (Microsoft.NET). It helps businesses structure and manage content on their websites and their online clout which can be accessible by any device. As of now, it supports over 2500 commercial applications, 3200 customers and 910,000 websites. DNN adopts a 3 tier architectural design supporting the basic modules which are offered by them. It offers extensions using 3rd party modules & developers can add functionalities & features & integrate on to websites using the same. DNN skins have the capabilities to customize the look & the feel of the website through DNN skins. DNN works very hard to ensure that security issues are routed, reported & resolved through a proper channel through the DNN Security Centre. DNN provides requisite workaround or fixes in the applications for developers for any kind of security issues arising out of them. DNN task force reviews all the information given by members with immense confidentiality & a severity level is assigned against the issue reported in accordance with the impact it can have on DNN applications worldwide.
Security Levels in DNN
The severity level is classified as critical, moderate & low.
A) Critical means the DNN application can exploited recklessly to get access into confidential DNN information, data & functionalities and could have a huge impact on the application as well. All critical issues have to be addressed ASAP by the DNN security centre.
B) Moderate means an issue could be compromised if one or the other prerequisites are met which can have a not so high impact on the DNN applications. There is a set of recommended actions to resolve such kind of moderate issues.
C) Low means the issue has very low level of impact on DNN applications & chances of it getting affected is miniscule.
Also, the Task Force at DNN Security Centre issues a regular security bulletin via DNN blogposts to the community members & developers where it provides details about the issues reported by global partners & the process they implemented in resolving these issues. It also says the versions which were impacted & the suggested fixes & workaround provided for the same.
DNN understands that customers have invested a great amount of time, money & energy during DNN implementations & DNN works hard towards insulating these investments. One such area is devising security policies & offering upgrades on a constant basis to partners & developers worldwide. It's important to note that it's very critical to protect customers' investments & the work that have done using DNN architectures & Evoq solutions. DNN constantly works in a direction where security upgrades are quick, easy & effortless which ensures that it doesn't meddle with your existing site structures, skins, templates, layouts or modules. It's the core function of offering world class DNN services to customers globally.
Types of DotNetNuke (DNN) Security Services
A) Module Security - The very objective of this is to assist developers in ensuring that they write modules (during web designing) with security in mind. It highlights common issues & provides guidance on how to identify & tackle expectant security issues. It provides recommended practices & gives general guidelines on web security & explains how to add layers to defend architectures by a hacker community. A hacker may have all the technical skills but may not possess the know-how of breaking through multiple layers thus making the architecture very secure. Adding a feature to validate the user at multiple layers can also make the system more resilient to such attacks.
B) Hosting Security – The main purpose of this is to offer users/developers safe & secure installations. Its all about offering the best fit during deployments from a range of different available environments. Environments can be hardened to make systems more secure & better decisions can be taken from a host of available scenarios offered by DNN to developers from its already available database. Developers will have to follows a set of guidelines to tighten deployments & installations to make site architectures more secure & safe. Finally, its the job of developers to see to it that their servers are clean, secure & safe for both IIS & SQL servers.