Sitefinity Web Security Module
Sitefinity’s web security module allows users to configure HTTP security headers, redirect validation, and referrer validation to harden the application against attacks. The module also includes HTML and SVG sanitization, which strips dangerous markup and scripts from user input to block XSS and other injection of unsafe content.
Attacks the module addresses include content sniffing, cross-site scripting (XSS), clickjacking, stealing or modifying data in transit (man-in-the-middle), and code injection. In addition, the internal redirect and referrer validation processes protect against Open Redirect and Cross-Site Request Forgery. Together, these Sitefinity web security best practices remove a wide range of threats to the Sitefinity web application and its users’ data.
As for the HTTP headers, Sitefinity CMS sends them to browsers (web clients) to configure and activate the browsers’ built-in security features, forming a cohesive shield over otherwise exposed attack surfaces. Additionally, the platform filters web service calls and redirects to domains that fail validation. However, the responsibility for configuring this hardening still lies with the user. Administrators should set permissions and access controls so that no one except approved individuals can turn off the Sitefinity web security module or any of its features.
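The two mechanisms described above, headers that switch on browser defenses and an allow-list check on redirect targets, can be verified from the outside. The following is an added example written for this page, not Sitefinity code and not a description of how Sitefinity implements its module: it maps the attack classes named above to the response headers that mitigate them and audits a captured header set, and it shows the kind of host allow-list check a redirect validation layer performs. The header dictionaries, the allowed-host list and the function names are all constructed for the example.

```python
"""Audit HTTP security headers and validate redirect targets (added example)."""
from urllib.parse import urlparse


def _max_age(value: str) -> int:
    """Return the max-age directive of an HSTS value, or 0 if absent/invalid."""
    for directive in value.split(";"):
        name, _, number = directive.strip().partition("=")
        if name.strip().lower() == "max-age" and number.strip().isdigit():
            return int(number.strip())
    return 0


# Attack class named on the page -> (header that mitigates it, predicate that
# decides whether the header value is strong enough). Header names are matched
# case-insensitively. Clickjacking is checked via X-Frame-Options here; a CSP
# frame-ancestors directive is the modern equivalent.
HEADER_CHECKS = {
    "content sniffing": (
        "X-Content-Type-Options",
        lambda v: v.strip().lower() == "nosniff",
    ),
    "cross-site scripting (XSS)": (
        "Content-Security-Policy",
        lambda v: "default-src" in v or "script-src" in v,
    ),
    "clickjacking": (
        "X-Frame-Options",
        lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    ),
    "man-in-the-middle": (
        "Strict-Transport-Security",
        lambda v: _max_age(v) >= 31536000,  # at least one year
    ),
}


def audit_headers(headers):
    """Return {attack: {"header": name, "status": mitigated|weak|missing}}."""
    present = {k.lower(): v for k, v in headers.items()}
    report = {}
    for attack, (header, strong_enough) in HEADER_CHECKS.items():
        value = present.get(header.lower())
        if value is None:
            status = "missing"
        elif strong_enough(value):
            status = "mitigated"
        else:
            status = "weak"
        report[attack] = {"header": header, "status": status, "value": value}
    return report


def is_safe_redirect(target: str, allowed_hosts) -> bool:
    """Allow-list check of the kind a redirect validator performs.

    Accepts same-site relative paths and absolute http(s) URLs whose host is
    in allowed_hosts; rejects scheme-relative URLs, non-http schemes,
    backslash and control-character tricks, and userinfo-based host spoofing.
    """
    if not target or target != target.strip() or "\\" in target:
        return False
    if any(ord(c) < 0x20 for c in target):
        return False
    if target.startswith("/") and not target.startswith("//"):
        return True  # relative path on the same site
    parsed = urlparse(target)
    if parsed.scheme not in ("http", "https"):
        return False
    host = (parsed.hostname or "").lower()  # hostname drops user:pass@ and port
    return host in {h.lower() for h in allowed_hosts}


# Constructed sample data: a hardened response and a weakly configured one.
GOOD_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}
WEAK_HEADERS = {
    "content-type": "text/html; charset=utf-8",
    "x-content-type-options": "nosniff",
    "x-frame-options": "ALLOWALL",
    "strict-transport-security": "max-age=0",
}
ALLOWED_HOSTS = {"www.example.com", "cms.example.com"}  # constructed allow-list


if __name__ == "__main__":
    for label, hdrs in (("good", GOOD_HEADERS), ("weak", WEAK_HEADERS)):
        print(label)
        for attack, result in audit_headers(hdrs).items():
            print(f"  {attack:28} {result['status']:9} ({result['header']})")
    for t in ("/account", "//evil.example/", "https://www.example.com/x",
              "https://www.example.com@evil.example/", "javascript:alert(1)"):
        print(f"{t!r:45} safe={is_safe_redirect(t, ALLOWED_HOSTS)}")
```

Run it against headers captured from a real response (for example from a browser's network panel) to see which of the attack classes above the deployed configuration actually covers; a "weak" or "missing" status is the place to start when reviewing a site's hardening.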