Skip to content
This repository has been archived by the owner. It is now read-only.
  • 8.1.5
  • b50f98e
  • Compare
    Choose a tag to compare
    Search for a tag
  • 8.1.5
  • b50f98e
  • Compare
    Choose a tag to compare
    Search for a tag

@valadas valadas released this Dec 15, 2018

  • Added MIT License file
  • Added support for RTL languages
  • Added check for Dnn 9
  • Performance improvements

Important

If you are using Dnn 9, do not install this module, the new security analyzer is built in the Persona Bar since Dnn 9.

If you are upgrading a Dnn site to Dnn 9, this module should be uninstalled since the new security analyzer is built in the Person Bar since Dnn 9.

Assets 3
  • v8.1.4
  • 651df44
  • Compare
    Choose a tag to compare
    Search for a tag
  • v8.1.4
  • 651df44
  • Compare
    Choose a tag to compare
    Search for a tag

@galatrash galatrash released this Dec 7, 2017

  • This build automatically applies missing Telerik's security related web.config entries. Upon first load of Security Analyzer, you may see Telerik web.config related warning. The warning should go away after a page refresh.

  • Often Security Analyzer timed out during first load on sites with larger number of files. We have moved that functionality out. Now, you can click on a button to run that separately. We are seeing running it manually to be not causing any timeouts.
    hiddenfilescheckbutton

Assets 3

@ashishpd ashishpd released this Sep 16, 2017

Security Analyzer can warn if your DNN site is using an insecure version of Telerik.Web.UI.DLL. Recently, we released an updated version of this DLL. The Security Analyzer had to be updated as well to register the new version of this assembly.

The following changes went into this release:

  • Ignoring deleted Super Users from the "Check if superusers are not regularly changing passwords" check (pull request #26 ).
  • Remove unnecessary exceptions in the "Check for extra disk/folders access" where site didn't have ANY permission to few folders (pull request #19 ).
  • Updated the checks to take into consideration the latest Telerik patch (HotFix2017.1-1.2.0).
  • Automatically create Telerik.Upload.ConfigurationHashKey web.config entry when not present.

More details about the reasons behind this update can be found here: http://www.dnnsoftware.com/community-blog/cid/155449/critical-security-update--september2017

Assets 3

@ashishpd ashishpd released this Jul 27, 2017

This release is a quick follow on to the 8.1.0 release done a day earlier. It has the following changes:
SecurityAnalyzer_08.01.01_Install.zip

  1. Auto add Telerik key
  2. Better error handling
Assets 2

@ashishpd ashishpd released this Jul 26, 2017

This release of Security Analyzer provides fix for the critical security issue - 2017-08 (Critical) - Possible remote code execution on DNN sites. Tool should be applied on ALL DNN and Evoq versions 5.6.2 up until 9.1.1.

More details about the tool can be found here:
http://www.dnnsoftware.com/community-blog/cid/155438/new-release-of-dnn-security-analyzer

Assets 3

@ashishpd ashishpd released this Jun 9, 2016

SecurityAnalyzer_08.00.02_Source.zip
Last year we released a stand-alone security tool to check if your DNN site is configured correctly from security point of view. This tool was very well received by our customers and community. In light of the recent security incident on DNN sites, we decided to update this tool to detect additional misconfigurations.

More details here: http://www.dnnsoftware.com/community-blog/cid/155364/updates-to-security-analyzer-tool

Assets 3

@jbrinkman jbrinkman released this Jun 7, 2016

The DNN Security Analyzer is a module aimed at helping you to improve the security on your DNN website. This initial version of the module automatically resolves a recently discovered issue with the InstallWizard and provides helpful guidance on other potential configuration issues which might leave your site vulnerable. In addition this release includes the ability to scan your database and files for a specific word or phrase which is useful to help track down defacement issues on your site.

This module will become a standard part of the DNN Platform distribution starting with DNN 7.4.1. We wanted to get this module into the community's hands as quickly as possible and have made this version compatible with DNN 6.2.0 and above.

audit checks

Assets 3

@kanm2015 kanm2015 released this Jan 19, 2016

This is a small release to fix a resx key.

Assets 3

@jbrinkman jbrinkman released this Sep 17, 2015

This is a small release to fix the module icons. This also fixes some packaging issues.

Assets 3
May 16, 2015
update manifest to indicate the module is azure compliant