Note: This guide describes Kentico CMS version 7. Unfortunately, we cannot support this guide from version 8 forward.

This is a design checklist – facts you should consider before you begin developing your website.

Security requirements

| Check | Description |
|---|---|
| | I know how critical application security will be (whether it is a blog, corporate website, e-shop, bank application, etc.). |
| | I know whether my application will need any special certifications (PCI, Safe Harbor, etc.). |
| | I know which special requirements will be imposed on the application (custom authentication, premium sections, various types of administrators, etc.). |
| | I have an idea of the number of users accessing the system, which roles the users will be grouped under, which sections of the website will be accessible only to authenticated users, and so on. |
| | I know how large the scope of planned custom development will be. |
| | I know whether security issues will be addressed during the development phase (possibly with threat modeling) or after the application has been implemented. |

Environment

| Check | Description |
|---|---|
| | I know what environment I will deploy my application to (private server, web hosting or cloud). |
| | I know the security restrictions of the live environment (full trust/medium trust, etc.). |
| | I know what settings I will have access to in the live environment (which IIS settings). |

Kentico

| Check | Description |
|---|---|
| | I have mapped my security requirements to the Kentico system (for example, if you want to apply a password policy, you know that Kentico ensures this and whether the solution suits you). |
| | I am familiar with all Kentico system protections and I know how to utilize them. |
| | I know which modules and services my application will need and which I can uninstall or disable. |
| | I know how to use the Kentico API securely. |
| | I have designed all custom authorization and authentication protections and I know how to implement them in Kentico. |