You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I get intermittent requests for white papers - typically on security and server recommendations. Not sure if docs would be the right spot, but... maybe?
I get intermittent requests for white papers - typically on security and server recommendations. Not sure if docs would be the right spot, but... maybe?
Community Involvement in Risk Vulnerability Identification
Participant in HakerOne's vulnerability disclosure program https://hackerone.com/expressionengine?type=team
Security reporting guidelines and encouragement of users to report suspected vulnerabilities (https://github.com/ExpressionEngine/ExpressionEngine-User-Guide/blob/6.dev/docs/bugs-and-security-reports.md#security-reporting-guidelines)
Spam prevention
Native integration of Google reCaptcha (https://docs.expressionengine.com/latest/control-panel/settings/captcha.html#recaptcha-v3-settings)
Native spam module that uses machine learning to identify suspect content submissions (https://docs.expressionengine.com/latest/add-ons/spam.html#usage)
Ban access by IP, IP block, or referrer (https://docs.expressionengine.com/latest/add-ons/blocklist.html)
Tools for Website Administrators
Customizable Password Policies (https://docs.expressionengine.com/latest/control-panel/settings/security-privacy.html#password-security-policy)
User agent and IP Requirements for Login (https://docs.expressionengine.com/latest/control-panel/settings/security-privacy.html#require-user-agent-and-ip-for-login)
Recommendations for site hardening (https://docs.expressionengine.com/latest/security/general-tips.html#security-tips)
Security and Privacy for End Users
Native tools to help achieve GDRP (General Data Protection Regulation) compliance (https://docs.expressionengine.com/latest/general/gdpr.html#gdpr-and-expressionengine)
Consent module for fine grained control over user consent to cookies (https://docs.expressionengine.com/latest/add-ons/blocklist.html)
Ability to anonymize user data (https://docs.expressionengine.com/latest/control-panel/member-profile.html#anonymize-user)
Automated Testing
Security checks built into automated testing. Here's an example of a Cross Site Scripting (XSS) check in our Cypress tests.
CVE (Common Vulnerabilities and Exposures) Reports
There have been no known critical level CVE exploits reported in our 20 year history
https://www.cvedetails.com/vulnerability-list/vendor_id-7662/Expressionengine.html
The text was updated successfully, but these errors were encountered: