ARTICLE AD BOX
Hi everyone,
I’m starting a new project with specific compliance requirements and would love to hear your experiences. We need to build a platform that handles front-end and back-end content publishing, user permissions, and custom forms.
Key Requirements:
Security & Compliance: The project must pass White-box testing (SAST/DAST). We need to ensure the source code and its dependencies are audit-friendly.
Permissions: A granular RBAC (Role-Based Access Control) system for both administrative staff and front-end users.
Content Workflow: A robust engine for publishing posts from both the back-office and the front-end (User-generated content).
Form Management: Flexible form building and data submission handling.
The Comparison:
Orchard Core: We like its modularity and the fact that it’s built on modern ASP.NET Core. However, I’ve heard its architecture is highly abstracted. Does this typically cause issues or "noise" during White-box security scans?
Umbraco: It seems very stable for content editing. How easy is it to implement a front-end posting mechanism compared to Orchard?
Custom Build: Given the strict security audit, would building a clean, minimal ASP.NET Core application be more efficient than trying to "fix" or "justify" security flags in a large CMS framework?
My Question:
For a project where code auditability is as important as functionality, which path would you recommend? Is one of these CMSs known for being more "security-audit friendly" out of the box?
Thanks in advance!
