Why do we need to do an analysis of Dotnetnuke security?
Many companies have an inherent distrust of open source applications, reasoning (incorrectly IMHO), that something put together by a community for 'free' can never be as safe and secure as a 'professional' product from a more traditional bricks-and-mortar establishment. This allied with some negative publicity for other well known portal products, persuaded me to put together a few notes that hopefully will help anyone who's interested in Dotnetnuke, and perhaps need to persuade a hesitant manager.
I think it's counterproductive to measure the security of a web application by the number of exploits developed for it, so I've tried to document how Dotnetnuke measures up against a few common web application vulnerabilities lists.
|