Last release

• Added MIT License file
• Added support for RTL languages
• Added check for Dnn 9
• Performance improvements

Important

If you are using Dnn 9, do not install this module, the new security analyzer is built in the Persona Bar since Dnn 9.

If you are upgrading a Dnn site to Dnn 9, this module should be uninstalled since the new security analyzer is built in the Person Bar since Dnn 9.

Auto update Telerik web.config entries and perf fix for hidden file check

• This build automatically applies missing Telerik's security related web.config entries. Upon first load of Security Analyzer, you may see Telerik web.config related warning. The warning should go away after a page refresh.

• Often Security Analyzer timed out during first load on sites with larger number of files. We have moved that functionality out. Now, you can click on a button to run that separately. We are seeing running it manually to be not causing any timeouts.
  

Update on Telerik Security Detection

Security Analyzer can warn if your DNN site is using an insecure version of Telerik.Web.UI.DLL. Recently, we released an updated version of this DLL. The Security Analyzer had to be updated as well to register the new version of this assembly.

The following changes went into this release:

• Ignoring deleted Super Users from the "Check if superusers are not regularly changing passwords" check (pull request #26 ).
• Remove unnecessary exceptions in the "Check for extra disk/folders access" where site didn't have ANY permission to few folders (pull request #19 ).
• Updated the checks to take into consideration the latest Telerik patch (HotFix2017.1-1.2.0).
• Automatically create Telerik.Upload.ConfigurationHashKey web.config entry when not present.

More details about the reasons behind this update can be found here: http://www.dnnsoftware.com/community-blog/cid/155449/critical-security-update--september2017

Minor maintenance

This release is a quick follow on to the 8.1.0 release done a day earlier. It has the following changes:
SecurityAnalyzer_08.01.01_Install.zip

1. Auto add Telerik key
2. Better error handling

Fix for 2017-08 (Critical) - possible remote code execution on DNN sites

This release of Security Analyzer provides fix for the critical security issue - 2017-08 (Critical) - Possible remote code execution on DNN sites. Tool should be applied on ALL DNN and Evoq versions 5.6.2 up until 9.1.1.

More details about the tool can be found here:
http://www.dnnsoftware.com/community-blog/cid/155438/new-release-of-dnn-security-analyzer

Additional Audit Checks

SecurityAnalyzer_08.00.02_Source.zip
Last year we released a stand-alone security tool to check if your DNN site is configured correctly from security point of view. This tool was very well received by our customers and community. In light of the recent security incident on DNN sites, we decided to update this tool to detect additional misconfigurations.

More details here: http://www.dnnsoftware.com/community-blog/cid/155364/updates-to-security-analyzer-tool

Initial Release

The DNN Security Analyzer is a module aimed at helping you to improve the security on your DNN website. This initial version of the module automatically resolves a recently discovered issue with the InstallWizard and provides helpful guidance on other potential configuration issues which might leave your site vulnerable. In addition this release includes the ability to scan your database and files for a specific word or phrase which is useful to help track down defacement issues on your site.

This module will become a standard part of the DNN Platform distribution starting with DNN 7.4.1. We wanted to get this module into the community's hands as quickly as possible and have made this version compatible with DNN 6.2.0 and above.

Fix resx key

This is a small release to fix a resx key.

Fix icons

This is a small release to fix the module icons. This also fixes some packaging issues.