Plone Security, SaaS, & SOA
                             Ken Wasetis . President, Contextual Corp.
                                    ken.wasetis@contextualcorp.com
                                       twitter . irc . skype: ctxlken

                                        http://www.contextualcorp.com




Saturday, November 5, 2011
PLONE SECURITY / SAAS / SOA



              What Makes Plone Secure?
              Security Analyses
              Making Plone Even More Secure
              Integration Capabilities
              Existing Service Connectors
              Add-on Modules

PLONE SECURITY



               Python and Zope are Secure:
               No Known Buffer Overflow Vulnerabilities in Python
               Fine-grained Permissions (at every object level) in Zope
               True ACLs in Zope
               Workflow Permissions for Groups/Users/Roles

PLONE SECURITY



               All Form Data gets Validated (ensures proper types/values)
               Pluggable Authentication Services (PAS are stackable, orderable)
               Integration with LDAP, AD, Shibboleth, CAS, OpenID, ...
               Default settings disallow/strip potentially malicious code from content (prevent cross-site scripting): <script>, <embed>, <object>, <form> ...
               Used by DoD, FBI, NASA, Google, Navy, U.S. Air Force, Royal Bank of Scotland, ...
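The stripping of disallowed markup mentioned above, as an added illustration rather than Plone's own safe_html transform: a deny-list filter built on Python's HTMLParser that removes the tags the slide names, drops event-handler attributes and script-scheme URLs, and keeps an audit trail of what it rejected. The tag sets and attribute checks are this example's assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy (not Plone's actual configuration): these tags are removed
# together with everything nested inside them ...
SWALLOW_TAGS = {"script", "style", "object", "applet"}
# ... and these are removed as tags while their inner text survives.
DROP_TAGS = {"embed", "form"}
# URL-bearing attributes that must not point at a script scheme.
URL_ATTRS = {"href", "src", "action"}


class SafeHTML(HTMLParser):
    """Re-serialises a fragment, leaving out disallowed tags and attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []       # cleaned output pieces
        self.swallow = []   # stack of currently open SWALLOW_TAGS
        self.dropped = []   # audit trail of rejected items (useful for logging)

    def _attrs(self, tag, attrs):
        kept = []
        for name, value in attrs:          # HTMLParser lower-cases names already
            if name.startswith("on"):                    # onclick, onerror, ...
                self.dropped.append(f"{tag}@{name}")
                continue
            if name in URL_ATTRS and value is not None:
                scheme = "".join(value.split()).lower()  # defeats "java\tscript:"
                if scheme.startswith(("javascript:", "vbscript:", "data:")):
                    self.dropped.append(f"{tag}@{name}")
                    continue
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        return "".join(kept)

    def _blocked(self, tag):
        if self.swallow:                 # anything inside a swallowed subtree
            return True
        if tag in SWALLOW_TAGS or tag in DROP_TAGS:
            self.dropped.append(tag)
            return True
        return False

    def handle_starttag(self, tag, attrs):
        if self._blocked(tag):
            if tag in SWALLOW_TAGS:      # skip everything until its close tag
                self.swallow.append(tag)
            return
        self.out.append(f"<{tag}{self._attrs(tag, attrs)}>")

    def handle_startendtag(self, tag, attrs):          # <br/>, <img ... />
        if not self._blocked(tag):
            self.out.append(f"<{tag}{self._attrs(tag, attrs)} />")

    def handle_endtag(self, tag):
        if self.swallow:
            if tag == self.swallow[-1]:
                self.swallow.pop()
            return
        if tag not in SWALLOW_TAGS and tag not in DROP_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.swallow:
            self.out.append(escape(data, quote=False))


def filter_html(fragment):
    """Return (cleaned_html, dropped_items) for a user-supplied fragment."""
    parser = SafeHTML()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out), parser.dropped
```

Calling `filter_html` on a constructed submission such as `<p onclick="steal()">Hello</p><script>alert(1)</script>` returns `<p>Hello</p>` plus the list `['p@onclick', 'script']`, which a site can log to spot accounts that repeatedly submit hostile markup.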

PLONE SECURITY



                By Nature of What It Does NOT Use:
                Not forced to use SQL (no SQL injection vulnerabilities)
                    See: http://en.wikipedia.org/wiki/Sql_injection

                Not forced to run on Windows (as with .Net-based tools)
                Plone error pages do not reveal server/app information
               Dedicated release manager
               Professional development processes
               More info: http://plone.org/products/plone/security/overview

Plone Security


                  Department of Homeland Security CVE/CCE Vulnerability Database:
                      http://cve.mitre.org

                  Plone Metrics Blog:        http://plonemetrics.blogspot.com/2010/04/cms-security.html

Plone and SOA


                  SOA = Service Oriented Architecture (FB/Twitter APIs)
                  SaaS = Software as a Service (Salesforce.com, etc.)
                  Built-in XML-RPC
                  SOAP and other Python libraries
                  Authentication via LDAP, AD, OpenID, SQL, CAS, Facebook, many other PAS
                  Custom PAS / Single Sign-On
                  Diazo for Seamless Theme Experience (Plone, .Net, PHP, Java SaaS apps)

MAKE PLONE EVEN MORE SECURE



               LoginLockout Add-on (max attempts, then lockout duration)
               PasswordStrength Add-on (editable regex rules/validation messages)
                 - Must contain alpha + num
                 - Must contain 8-12 characters
                 - No repeating characters
                 - Must contain special characters...
               Stay Current on Versions (OS, Web Server, Python, Zope, Plone, Add-ons)
               Securely Configure Your Web and Mail Servers (Apache, nginx, etc.)
               SSL
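The two add-on policies listed on this slide, LoginLockout (max attempts, then a lockout duration) and PasswordStrength (editable regex rules with validation messages), as an added example in plain Python; it is not the add-ons' own code. The rule table, the reading of "no repeating characters" as "no character twice in a row", and the injectable clock are this example's assumptions.

```python
import re
import time

# Assumed rule table modelled on editable regex rules plus messages:
# (regex, must_match, message). Edit or extend it to change the policy.
PASSWORD_RULES = [
    (r"[A-Za-z]", True, "must contain at least one letter"),
    (r"[0-9]", True, "must contain at least one digit"),
    (r"^.{8,12}$", True, "must be 8 to 12 characters long"),
    (r"(.)\1", False, "must not repeat a character consecutively"),
    (r"[^A-Za-z0-9]", True, "must contain a special character"),
]


def password_problems(password, rules=PASSWORD_RULES):
    """Return the validation messages of every rule the password violates."""
    return [msg for pattern, must_match, msg in rules
            if bool(re.search(pattern, password)) != must_match]


class LoginLockout:
    """Counts consecutive failures per user and locks the account after
    max_attempts for lockout_seconds. The clock is injectable for testing."""

    def __init__(self, max_attempts=5, lockout_seconds=300, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self._failures = {}       # user -> consecutive failed attempts
        self._locked_until = {}   # user -> clock value when the lock expires

    def is_locked(self, user):
        until = self._locked_until.get(user)
        if until is None:
            return False
        if self.clock() >= until:             # lock expired: reset the counters
            del self._locked_until[user]
            self._failures.pop(user, None)
            return False
        return True

    def record_failure(self, user):
        """Register a failed attempt; returns the new consecutive-failure count."""
        count = self._failures.get(user, 0) + 1
        self._failures[user] = count
        if count >= self.max_attempts:
            self._locked_until[user] = self.clock() + self.lockout_seconds
        return count

    def record_success(self, user):
        self._failures.pop(user, None)


def attempt_login(lockout, user, password, check_credentials):
    """Gate a credential check behind the lockout policy.

    Returns 'locked', 'ok' or 'failed'. A locked account is refused before the
    credential store is consulted, so guessing cannot continue during the lock."""
    if lockout.is_locked(user):
        return "locked"
    if check_credentials(user, password):
        lockout.record_success(user)
        return "ok"
    lockout.record_failure(user)
    return "failed"
```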

Plone Security In Action




                                 Here we go!

Ken Wasetis
                                   President, Contextual Corp.
                             ken.wasetis@contextualcorp.com
                               http://www.contextualcorp.com
                                     twitter . irc . skype: ctxlken

Case Studies


                 UCLA
                 RE-AMP
                 IARP
                 Cleversafe
                 Chicago History Museum
                 College of American Pathologists
                 Live Nation / Clear Channel / Feld

