SlideShare ist ein Scribd-Unternehmen logo
1 von 9
Downloaden Sie, um offline zu lesen
Security Matters 
Alexander Loechel on 
plone.app.vulneritilities 
plone.vulnerabilitychecks.* 
plone.hud 
PLONE CONFERENCE 
BRISTOL 2014
Studies on Security 
• Security Study on Content 
Management Systems 
published by the German 
Federal Office for Information 
Security May 2013 
• Take at least 
15 min / day / system 
- Look for updates 
- Apply Patches
„You should proceed under the assumption that 
every Drupal 7 website was compromised unless 
updated or patched before … 
after the announcement.“ 
Drupal Security Team
plone.app.vulnerbilities 
http://plone.org/hotfixes
plone.hud / plone.app.hud
Lightning Talk: Security matters @ploneconf 2014
JSON from 
plone.org and 
pypi.python.org
Supply Information 
• Check for vulnerabilities on Plone installs: 
• plone.vulnerabilitychecks.instance_startup —> disable or warn on startup 
• plone.vulnerabilitychecks.buildout —> warn or stop buildout 
• plone.vulnerabilitychecks.tests —> For CI Tests 
• plone.vulnerabilitycheckes.controlpanel —> Version Information View 
• buildout.autoapplyplonehotfixes 
• —> github.com/loechel/ 
• dependencies: 
• plone.vulnerabilitychecks.core —> JSON <— plone.app.vulnerabilities
Future Work 
• Sprinting on that 
• Include up-to-date lone.app.vulnerabilities in 
plone.org and keep Information up-to-date 
• May a PLIP to include those Packages in the 
Installers as a out-commented option with 
documentation 
• Make people more aware of Plone Security

Weitere ähnliche Inhalte

Was ist angesagt?

Metasploit
MetasploitMetasploit
Metasploithenelpj
 
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020Brian Levine
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliveryTim Mackey
 
Wordpress security
Wordpress securityWordpress security
Wordpress securityjhon wilson
 
Infrastruktur & Security: Sichere Web-Applikationen durch Hacking-Lab
Infrastruktur & Security: Sichere Web-Applikationen durch Hacking-LabInfrastruktur & Security: Sichere Web-Applikationen durch Hacking-Lab
Infrastruktur & Security: Sichere Web-Applikationen durch Hacking-LabONE Schweiz
 
New Era of Software with modern Application Security (v0.6)
New Era of Software with modern Application Security (v0.6)New Era of Software with modern Application Security (v0.6)
New Era of Software with modern Application Security (v0.6)Dinis Cruz
 
How to adapt the SDLC to the era of DevSecOps
How to adapt the SDLC to the era of DevSecOpsHow to adapt the SDLC to the era of DevSecOps
How to adapt the SDLC to the era of DevSecOpsZane Lackey
 
OpenSourceSecurityTools - UPDATED
OpenSourceSecurityTools - UPDATEDOpenSourceSecurityTools - UPDATED
OpenSourceSecurityTools - UPDATEDSparsh Raj
 
New Era of Software with modern Application Security v1.0
New Era of Software with modern Application Security v1.0New Era of Software with modern Application Security v1.0
New Era of Software with modern Application Security v1.0Dinis Cruz
 
NIC 2017 - Attack and detection in Windows Environments
NIC 2017 - Attack and detection in Windows EnvironmentsNIC 2017 - Attack and detection in Windows Environments
NIC 2017 - Attack and detection in Windows EnvironmentsOddvar Moe
 

Was ist angesagt? (15)

Metasploit
MetasploitMetasploit
Metasploit
 
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
 
Security
SecuritySecurity
Security
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous delivery
 
Wordpress security
Wordpress securityWordpress security
Wordpress security
 
Day 0
Day 0Day 0
Day 0
 
Infrastruktur & Security: Sichere Web-Applikationen durch Hacking-Lab
Infrastruktur & Security: Sichere Web-Applikationen durch Hacking-LabInfrastruktur & Security: Sichere Web-Applikationen durch Hacking-Lab
Infrastruktur & Security: Sichere Web-Applikationen durch Hacking-Lab
 
New Era of Software with modern Application Security (v0.6)
New Era of Software with modern Application Security (v0.6)New Era of Software with modern Application Security (v0.6)
New Era of Software with modern Application Security (v0.6)
 
OISF - AppSec Presentation
OISF - AppSec PresentationOISF - AppSec Presentation
OISF - AppSec Presentation
 
My pwk & oscp journey
My pwk & oscp journeyMy pwk & oscp journey
My pwk & oscp journey
 
How to adapt the SDLC to the era of DevSecOps
How to adapt the SDLC to the era of DevSecOpsHow to adapt the SDLC to the era of DevSecOps
How to adapt the SDLC to the era of DevSecOps
 
OpenSourceSecurityTools - UPDATED
OpenSourceSecurityTools - UPDATEDOpenSourceSecurityTools - UPDATED
OpenSourceSecurityTools - UPDATED
 
New Era of Software with modern Application Security v1.0
New Era of Software with modern Application Security v1.0New Era of Software with modern Application Security v1.0
New Era of Software with modern Application Security v1.0
 
Avc prot 2012b_en
Avc prot 2012b_enAvc prot 2012b_en
Avc prot 2012b_en
 
NIC 2017 - Attack and detection in Windows Environments
NIC 2017 - Attack and detection in Windows EnvironmentsNIC 2017 - Attack and detection in Windows Environments
NIC 2017 - Attack and detection in Windows Environments
 

Andere mochten auch

Mosaic - flexibele layouts voor Plone
Mosaic - flexibele layouts voor PloneMosaic - flexibele layouts voor Plone
Mosaic - flexibele layouts voor Plonekhink
 
Why CMS will not die
Why CMS will not dieWhy CMS will not die
Why CMS will not dieMakina Corpus
 
Running a Plone product on Substance D
Running a Plone product on Substance DRunning a Plone product on Substance D
Running a Plone product on Substance DMakina Corpus
 
Ancient To Modern: Upgrading nearly a decade of Plone in public radio
Ancient To Modern: Upgrading nearly a decade of Plone in public radioAncient To Modern: Upgrading nearly a decade of Plone in public radio
Ancient To Modern: Upgrading nearly a decade of Plone in public radioCristopher Ewing
 
Content's quality for Plone editors
Content's quality for Plone editorsContent's quality for Plone editors
Content's quality for Plone editorsMaurizio Delmonte
 
Code analysis for a better future
Code analysis for a better futureCode analysis for a better future
Code analysis for a better futuregilforcada
 
Historico das Conferencias Python Brasil
Historico das Conferencias Python BrasilHistorico das Conferencias Python Brasil
Historico das Conferencias Python BrasilTania Andrea
 
Plone Hosting: A Panel Discussion
Plone Hosting: A Panel DiscussionPlone Hosting: A Panel Discussion
Plone Hosting: A Panel DiscussionJazkarta, Inc.
 
The state of Plone Intranet
The state of Plone IntranetThe state of Plone Intranet
The state of Plone IntranetGuido Stevens
 
PloneConf 2014 CDN terada
PloneConf 2014 CDN teradaPloneConf 2014 CDN terada
PloneConf 2014 CDN teradaManabu Terada
 
Resource registries plone conf 2014
Resource registries plone conf 2014Resource registries plone conf 2014
Resource registries plone conf 2014Ramon Navarro
 
The Mountaineers: Scaling the Heights with Plone
The Mountaineers: Scaling the Heights with PloneThe Mountaineers: Scaling the Heights with Plone
The Mountaineers: Scaling the Heights with PloneJazkarta, Inc.
 
TTW FTW: Plone as the new wordpress
TTW FTW: Plone as the new wordpressTTW FTW: Plone as the new wordpress
TTW FTW: Plone as the new wordpressDylan Jay
 
Plone deployment made easy
Plone deployment made easyPlone deployment made easy
Plone deployment made easyKim Chee Leong
 
Plone 5 theming unleashed
Plone 5 theming unleashedPlone 5 theming unleashed
Plone 5 theming unleashedsneridagh
 
Plone Intranet Consortium - united we stand, divided we fall
Plone Intranet Consortium - united we stand, divided we fallPlone Intranet Consortium - united we stand, divided we fall
Plone Intranet Consortium - united we stand, divided we fallGuido Stevens
 
Social, Digital & Mobile Around The World (January 2014)
Social, Digital & Mobile Around The World (January 2014)Social, Digital & Mobile Around The World (January 2014)
Social, Digital & Mobile Around The World (January 2014)We Are Social Singapore
 
Recommender Systems (Machine Learning Summer School 2014 @ CMU)
Recommender Systems (Machine Learning Summer School 2014 @ CMU)Recommender Systems (Machine Learning Summer School 2014 @ CMU)
Recommender Systems (Machine Learning Summer School 2014 @ CMU)Xavier Amatriain
 

Andere mochten auch (19)

Mosaic - flexibele layouts voor Plone
Mosaic - flexibele layouts voor PloneMosaic - flexibele layouts voor Plone
Mosaic - flexibele layouts voor Plone
 
Why CMS will not die
Why CMS will not dieWhy CMS will not die
Why CMS will not die
 
Running a Plone product on Substance D
Running a Plone product on Substance DRunning a Plone product on Substance D
Running a Plone product on Substance D
 
Ancient To Modern: Upgrading nearly a decade of Plone in public radio
Ancient To Modern: Upgrading nearly a decade of Plone in public radioAncient To Modern: Upgrading nearly a decade of Plone in public radio
Ancient To Modern: Upgrading nearly a decade of Plone in public radio
 
Content's quality for Plone editors
Content's quality for Plone editorsContent's quality for Plone editors
Content's quality for Plone editors
 
Code analysis for a better future
Code analysis for a better futureCode analysis for a better future
Code analysis for a better future
 
Historico das Conferencias Python Brasil
Historico das Conferencias Python BrasilHistorico das Conferencias Python Brasil
Historico das Conferencias Python Brasil
 
Plone Hosting: A Panel Discussion
Plone Hosting: A Panel DiscussionPlone Hosting: A Panel Discussion
Plone Hosting: A Panel Discussion
 
The state of Plone Intranet
The state of Plone IntranetThe state of Plone Intranet
The state of Plone Intranet
 
PloneConf 2014 CDN terada
PloneConf 2014 CDN teradaPloneConf 2014 CDN terada
PloneConf 2014 CDN terada
 
Resource registries plone conf 2014
Resource registries plone conf 2014Resource registries plone conf 2014
Resource registries plone conf 2014
 
The Mountaineers: Scaling the Heights with Plone
The Mountaineers: Scaling the Heights with PloneThe Mountaineers: Scaling the Heights with Plone
The Mountaineers: Scaling the Heights with Plone
 
TTW FTW: Plone as the new wordpress
TTW FTW: Plone as the new wordpressTTW FTW: Plone as the new wordpress
TTW FTW: Plone as the new wordpress
 
Plone deployment made easy
Plone deployment made easyPlone deployment made easy
Plone deployment made easy
 
Plone 5 theming unleashed
Plone 5 theming unleashedPlone 5 theming unleashed
Plone 5 theming unleashed
 
Plone Intranet Consortium - united we stand, divided we fall
Plone Intranet Consortium - united we stand, divided we fallPlone Intranet Consortium - united we stand, divided we fall
Plone Intranet Consortium - united we stand, divided we fall
 
Social, Digital & Mobile Around The World (January 2014)
Social, Digital & Mobile Around The World (January 2014)Social, Digital & Mobile Around The World (January 2014)
Social, Digital & Mobile Around The World (January 2014)
 
Recommender Systems (Machine Learning Summer School 2014 @ CMU)
Recommender Systems (Machine Learning Summer School 2014 @ CMU)Recommender Systems (Machine Learning Summer School 2014 @ CMU)
Recommender Systems (Machine Learning Summer School 2014 @ CMU)
 
Digital, Social & Mobile in 2015
Digital, Social & Mobile in 2015Digital, Social & Mobile in 2015
Digital, Social & Mobile in 2015
 

Ähnlich wie Lightning Talk: Security matters @ploneconf 2014

Eirtight writing secure code
Eirtight writing secure codeEirtight writing secure code
Eirtight writing secure codeKieran Dundon
 
Antivirus Comparative junio 2014
Antivirus Comparative junio 2014Antivirus Comparative junio 2014
Antivirus Comparative junio 2014Doryan Mathos
 
Understanding Plone Security
Understanding Plone SecurityUnderstanding Plone Security
Understanding Plone SecurityFabiano Weimar
 
Understanding SELinux For the Win
Understanding SELinux For the WinUnderstanding SELinux For the Win
Understanding SELinux For the Winbmbouter
 
The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017
The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017
The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017Jermund Ottermo
 
Common tasks oct 2012
Common tasks oct 2012Common tasks oct 2012
Common tasks oct 2012mike2977
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesUnderstanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesAnant Shrivastava
 
Conf2014_SplunkSecurityNinjutsu
Conf2014_SplunkSecurityNinjutsuConf2014_SplunkSecurityNinjutsu
Conf2014_SplunkSecurityNinjutsuSplunk
 
Getting started with Octopus Deploy
Getting started with Octopus DeployGetting started with Octopus Deploy
Getting started with Octopus DeployKaroline Klever
 
YOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS ApplicationsYOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS Applicationseightbit
 
Continuous Integration for Beginners
Continuous Integration for BeginnersContinuous Integration for Beginners
Continuous Integration for BeginnersYüce Çelikel
 
Yow connected developing secure i os applications
Yow connected   developing secure i os applicationsYow connected   developing secure i os applications
Yow connected developing secure i os applicationsmgianarakis
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdfMAHESHUMANATHGOPALAK
 
SOC-BlueTEam.pdf
SOC-BlueTEam.pdfSOC-BlueTEam.pdf
SOC-BlueTEam.pdfBeratAkit
 

Ähnlich wie Lightning Talk: Security matters @ploneconf 2014 (20)

Eirtight writing secure code
Eirtight writing secure codeEirtight writing secure code
Eirtight writing secure code
 
Antivirus Comparative junio 2014
Antivirus Comparative junio 2014Antivirus Comparative junio 2014
Antivirus Comparative junio 2014
 
Understanding Plone Security
Understanding Plone SecurityUnderstanding Plone Security
Understanding Plone Security
 
Understanding SELinux For the Win
Understanding SELinux For the WinUnderstanding SELinux For the Win
Understanding SELinux For the Win
 
The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017
The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017
The AV-Comparatives Guide to the Best Cybersecurity Solutions of 2017
 
Common tasks oct 2012
Common tasks oct 2012Common tasks oct 2012
Common tasks oct 2012
 
Avc prot 2016a_en
Avc prot 2016a_enAvc prot 2016a_en
Avc prot 2016a_en
 
Avc prot 2013a_en
Avc prot 2013a_enAvc prot 2013a_en
Avc prot 2013a_en
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the Cloud
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesUnderstanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
 
Conf2014_SplunkSecurityNinjutsu
Conf2014_SplunkSecurityNinjutsuConf2014_SplunkSecurityNinjutsu
Conf2014_SplunkSecurityNinjutsu
 
Experience Sharing on School Pentest Project (Updated)
Experience Sharing on School Pentest Project (Updated)Experience Sharing on School Pentest Project (Updated)
Experience Sharing on School Pentest Project (Updated)
 
Getting started with Octopus Deploy
Getting started with Octopus DeployGetting started with Octopus Deploy
Getting started with Octopus Deploy
 
YOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS ApplicationsYOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS Applications
 
Continuous Integration for Beginners
Continuous Integration for BeginnersContinuous Integration for Beginners
Continuous Integration for Beginners
 
Yow connected developing secure i os applications
Yow connected   developing secure i os applicationsYow connected   developing secure i os applications
Yow connected developing secure i os applications
 
7 testing principles
7 testing principles7 testing principles
7 testing principles
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf
 
SOC-BlueTEam.pdf
SOC-BlueTEam.pdfSOC-BlueTEam.pdf
SOC-BlueTEam.pdf
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf
 

Mehr von Alexander Loechel

Lightning Talk: Regulation (EU) 2018/1724 "Single Digital Gateway" & the "You...
Lightning Talk: Regulation (EU) 2018/1724 "Single Digital Gateway" & the "You...Lightning Talk: Regulation (EU) 2018/1724 "Single Digital Gateway" & the "You...
Lightning Talk: Regulation (EU) 2018/1724 "Single Digital Gateway" & the "You...Alexander Loechel
 
The Plone is dead, long live the Plone!
The Plone is dead, long live the Plone!The Plone is dead, long live the Plone!
The Plone is dead, long live the Plone!Alexander Loechel
 
We are the Plone Collective. Resistance is futile. Assimilation is inevitable.
We are the Plone Collective. Resistance is futile. Assimilation is inevitable.We are the Plone Collective. Resistance is futile. Assimilation is inevitable.
We are the Plone Collective. Resistance is futile. Assimilation is inevitable.Alexander Loechel
 
Plone.org Improvements - Plone Addon Listing
Plone.org Improvements - Plone Addon ListingPlone.org Improvements - Plone Addon Listing
Plone.org Improvements - Plone Addon ListingAlexander Loechel
 
Sphinx options to make training documentation easier to understand
Sphinx options to make training documentation easier to understandSphinx options to make training documentation easier to understand
Sphinx options to make training documentation easier to understandAlexander Loechel
 
Web Content-Management-Systeme the Past - the Present - the Future
Web Content-Management-Systeme the Past - the Present - the FutureWeb Content-Management-Systeme the Past - the Present - the Future
Web Content-Management-Systeme the Past - the Present - the FutureAlexander Loechel
 
Plone, the Python CMS & Web Framework for Advanced Topics and Non-Developers
Plone, the Python CMS & Web Framework for Advanced Topics and Non-DevelopersPlone, the Python CMS & Web Framework for Advanced Topics and Non-Developers
Plone, the Python CMS & Web Framework for Advanced Topics and Non-DevelopersAlexander Loechel
 
Plone im Kontext des WCMS Marktes
Plone im Kontext des WCMS MarktesPlone im Kontext des WCMS Marktes
Plone im Kontext des WCMS MarktesAlexander Loechel
 
Web Accessibility for Web Developers
Web Accessibility for Web DevelopersWeb Accessibility for Web Developers
Web Accessibility for Web DevelopersAlexander Loechel
 
World Plone Day 2017 - Plone 5.1
World Plone Day 2017 - Plone 5.1World Plone Day 2017 - Plone 5.1
World Plone Day 2017 - Plone 5.1Alexander Loechel
 
Plone - A History of Python Web
Plone - A History of Python WebPlone - A History of Python Web
Plone - A History of Python WebAlexander Loechel
 

Mehr von Alexander Loechel (14)

Lightning Talk: Regulation (EU) 2018/1724 "Single Digital Gateway" & the "You...
Lightning Talk: Regulation (EU) 2018/1724 "Single Digital Gateway" & the "You...Lightning Talk: Regulation (EU) 2018/1724 "Single Digital Gateway" & the "You...
Lightning Talk: Regulation (EU) 2018/1724 "Single Digital Gateway" & the "You...
 
The Plone is dead, long live the Plone!
The Plone is dead, long live the Plone!The Plone is dead, long live the Plone!
The Plone is dead, long live the Plone!
 
We are the Plone Collective. Resistance is futile. Assimilation is inevitable.
We are the Plone Collective. Resistance is futile. Assimilation is inevitable.We are the Plone Collective. Resistance is futile. Assimilation is inevitable.
We are the Plone Collective. Resistance is futile. Assimilation is inevitable.
 
Plone.org Improvements - Plone Addon Listing
Plone.org Improvements - Plone Addon ListingPlone.org Improvements - Plone Addon Listing
Plone.org Improvements - Plone Addon Listing
 
Plone, quo vadis?
Plone, quo vadis?Plone, quo vadis?
Plone, quo vadis?
 
Sphinx options to make training documentation easier to understand
Sphinx options to make training documentation easier to understandSphinx options to make training documentation easier to understand
Sphinx options to make training documentation easier to understand
 
Web Content-Management-Systeme the Past - the Present - the Future
Web Content-Management-Systeme the Past - the Present - the FutureWeb Content-Management-Systeme the Past - the Present - the Future
Web Content-Management-Systeme the Past - the Present - the Future
 
Plone, the Python CMS & Web Framework for Advanced Topics and Non-Developers
Plone, the Python CMS & Web Framework for Advanced Topics and Non-DevelopersPlone, the Python CMS & Web Framework for Advanced Topics and Non-Developers
Plone, the Python CMS & Web Framework for Advanced Topics and Non-Developers
 
Plone im Kontext des WCMS Marktes
Plone im Kontext des WCMS MarktesPlone im Kontext des WCMS Marktes
Plone im Kontext des WCMS Marktes
 
Web Accessibility for Web Developers
Web Accessibility for Web DevelopersWeb Accessibility for Web Developers
Web Accessibility for Web Developers
 
Doing the Impossible
Doing the ImpossibleDoing the Impossible
Doing the Impossible
 
Modern Python Testing
Modern Python TestingModern Python Testing
Modern Python Testing
 
World Plone Day 2017 - Plone 5.1
World Plone Day 2017 - Plone 5.1World Plone Day 2017 - Plone 5.1
World Plone Day 2017 - Plone 5.1
 
Plone - A History of Python Web
Plone - A History of Python WebPlone - A History of Python Web
Plone - A History of Python Web
 

Kürzlich hochgeladen

Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 
Bio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxBio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxnaveenithkrishnan
 
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSTYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSedrianrheine
 
Computer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteComputer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteMavein
 
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024Jan Löffler
 
Presentation2.pptx - JoyPress Wordpress
Presentation2.pptx -  JoyPress WordpressPresentation2.pptx -  JoyPress Wordpress
Presentation2.pptx - JoyPress Wordpressssuser166378
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSlesteraporado16
 
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdfIntroduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdfShreedeep Rayamajhi
 
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfLESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfmchristianalwyn
 
Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Shubham Pant
 
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsVision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsRoxana Stingu
 
Zero-day Vulnerabilities
Zero-day VulnerabilitiesZero-day Vulnerabilities
Zero-day Vulnerabilitiesalihassaah1994
 

Kürzlich hochgeladen (12)

Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
Bio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxBio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptx
 
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSTYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
 
Computer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteComputer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a Website
 
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
 
Presentation2.pptx - JoyPress Wordpress
Presentation2.pptx -  JoyPress WordpressPresentation2.pptx -  JoyPress Wordpress
Presentation2.pptx - JoyPress Wordpress
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
 
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdfIntroduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
 
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfLESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
 
Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024
 
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsVision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
 
Zero-day Vulnerabilities
Zero-day VulnerabilitiesZero-day Vulnerabilities
Zero-day Vulnerabilities
 

Lightning Talk: Security matters @ploneconf 2014

  • 1. Security Matters Alexander Loechel on plone.app.vulneritilities plone.vulnerabilitychecks.* plone.hud PLONE CONFERENCE BRISTOL 2014
  • 2. Studies on Security • Security Study on Content Management Systems published by the German Federal Office for Information Security May 2013 • Take at least 15 min / day / system - Look for updates - Apply Patches
  • 3. „You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before … after the announcement.“ Drupal Security Team
  • 7. JSON from plone.org and pypi.python.org
  • 8. Supply Information • Check for vulnerabilities on Plone installs: • plone.vulnerabilitychecks.instance_startup —> disable or warn on startup • plone.vulnerabilitychecks.buildout —> warn or stop buildout • plone.vulnerabilitychecks.tests —> For CI Tests • plone.vulnerabilitycheckes.controlpanel —> Version Information View • buildout.autoapplyplonehotfixes • —> github.com/loechel/ • dependencies: • plone.vulnerabilitychecks.core —> JSON <— plone.app.vulnerabilities
  • 9. Future Work • Sprinting on that • Include up-to-date lone.app.vulnerabilities in plone.org and keep Information up-to-date • May a PLIP to include those Packages in the Installers as a out-commented option with documentation • Make people more aware of Plone Security