Adobe Experience Manager (AEM) - Taking Application Security to the Next Level | AEM Community Blog Seeding

Adobe Experience Manager (AEM) - Taking Application Security to the Next Level by DAVID TRUCHE
Abstract
During one of our latest AEM projects here at 3|SHARE, we exposed our digital environment to an "Invasion Test" - an activity conducted to simulate an attacker looking to:
1. Identify the technical vulnerabilities of the application;
2. Determine the impact of compromising the confidentiality of internal data, integrity and availability of the application and its information.
The attacks were carried out in Black-Box mode, in which the attacker has no information about the environment, simulating a hacker.

Define and Implement Security Headers
HTTP security headers can increase the security of your application. Once defined, these HTTP response headers can prevent certain vulnerabilities when running in modern browsers.

Enable Content Security Policy (CSP) on your Web Server
Content-Security-Policy is the name of an HTTP response header that modern browsers use to enhance the security of the document. The Content-Security-Policy header allows you to restrict how resources such as JavaScript, CSS, or pretty much anything else that the browser loads can be loaded. CSP is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks.
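To check that a policy actually restricts script loading as the abstract describes, the following added example (not code from the blog or from AEM) parses a Content-Security-Policy header value and reports settings that weaken it. The function names, the list of risky sources and both sample policies are assumptions constructed for illustration.

```python
# Added example: audit a Content-Security-Policy header value for settings
# that weaken the XSS / data-injection protection CSP is meant to provide.

RISKY = {"'unsafe-inline'", "'unsafe-eval'", "*", "data:", "http:", "https:"}
NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def parse_csp(header_value):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if tokens:
            # Directive names are case-insensitive; when a directive is
            # repeated, browsers honour only the first occurrence.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit_csp(header_value):
    """Return a list of findings; an empty list means none of the checks fired."""
    policy = parse_csp(header_value)
    findings = []
    for directive in ("script-src", "object-src"):
        # Both directives fall back to default-src when not set explicitly.
        sources = policy.get(directive, policy.get("default-src"))
        if sources is None:
            findings.append(f"{directive}: unrestricted (no default-src fallback)")
            continue
        lowered = [s.lower() for s in sources]
        strict = any(s.startswith(NONCE_OR_HASH) for s in lowered)
        for s in lowered:
            # Browsers ignore 'unsafe-inline' when a nonce or hash is present.
            if s in RISKY and not (s == "'unsafe-inline'" and strict):
                findings.append(f"{directive}: allows {s}")
    if "base-uri" not in policy:
        # base-uri does not fall back to default-src.
        findings.append("base-uri: not set, <base> can redirect relative script URLs")
    return findings

# Constructed sample policies (not taken from the blog).
WEAK = "default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval'"
STRICT = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'"

if __name__ == "__main__":
    for name, value in (("weak", WEAK), ("strict", STRICT)):
        print(name, audit_csp(value) or "no findings")
```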
Q&A
Please use this thread to ask the related questions.
