
FR White paper section? Security WP example.

Open robinsowell opened this issue 2 years ago • 0 comments

I get intermittent requests for white papers - typically on security and server recommendations. Not sure if docs would be the right spot, but... maybe?

**Community Involvement in Risk Vulnerability Identification**

- Participant in HackerOne's vulnerability disclosure program: https://hackerone.com/expressionengine?type=team
- Security reporting guidelines and encouragement of users to report suspected vulnerabilities: https://github.com/ExpressionEngine/ExpressionEngine-User-Guide/blob/6.dev/docs/bugs-and-security-reports.md#security-reporting-guidelines

**Spam prevention**

- Native integration of Google reCaptcha: https://docs.expressionengine.com/latest/control-panel/settings/captcha.html#recaptcha-v3-settings
- Native spam module that uses machine learning to identify suspect content submissions: https://docs.expressionengine.com/latest/add-ons/spam.html#usage
- Ban access by IP, IP block, or referrer: https://docs.expressionengine.com/latest/add-ons/blocklist.html

**Tools for Website Administrators**

- Customizable password policies: https://docs.expressionengine.com/latest/control-panel/settings/security-privacy.html#password-security-policy
- User agent and IP requirements for login: https://docs.expressionengine.com/latest/control-panel/settings/security-privacy.html#require-user-agent-and-ip-for-login
- Recommendations for site hardening: https://docs.expressionengine.com/latest/security/general-tips.html#security-tips

**Security and Privacy for End Users**

- Native tools to help achieve GDPR (General Data Protection Regulation) compliance: https://docs.expressionengine.com/latest/general/gdpr.html#gdpr-and-expressionengine
- Consent module for fine-grained control over user consent to cookies: https://docs.expressionengine.com/latest/add-ons/blocklist.html
- Ability to anonymize user data: https://docs.expressionengine.com/latest/control-panel/member-profile.html#anonymize-user

**Automated Testing**

Security checks built into automated testing. Here's an example of a Cross Site Scripting (XSS) check in our Cypress tests.

**CVE (Common Vulnerabilities and Exposures) Reports**

There have been no known critical level CVE exploits reported in our 20 year history: https://www.cvedetails.com/vulnerability-list/vendor_id-7662/Expressionengine.html

robinsowell · May 03 '23 17:05