During one of our latest AEM projects here at 3|SHARE, we subjected our digital environment to an "Invasion Test" (a penetration test): an exercise that simulates an attacker seeking to:
1. Identify the technical vulnerabilities of the application;
2. Determine the impact of compromising the confidentiality of internal data and the integrity and availability of the application and its information.
The attacks were carried out in black-box mode, in which the tester starts with no information about the environment, simulating an external attacker.
Define and Implement Security Headers
HTTP security headers are an inexpensive way to harden your application. Once set, these response headers instruct modern browsers to enforce restrictions that stop certain classes of vulnerability from being exploited.
Enable Content Security Policy (CSP) on your Web Server
CSP is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks.
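As an added example (not code from the original post or from 3|SHARE), the script below audits a captured set of response headers for the security headers discussed above and flags weak CSP directives; the two sample responses and the `audit_headers` function are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post: audit captured response
# headers (e.g. `curl -sI` output) for the security headers discussed above
# and for weak CSP directives. On Apache httpd they are set with mod_headers:
#   Header always set Content-Security-Policy "default-src 'self'"
# Reads raw headers on stdin, prints one line per finding, returns 0 only when clean.
audit_headers() {
    hdrs=$(tr -d '\r' | tr 'A-Z' 'a-z')   # normalise CRLF and header-name case
    findings=0
    for h in content-security-policy strict-transport-security \
             x-content-type-options x-frame-options referrer-policy; do
        if ! printf '%s\n' "$hdrs" | grep -q "^$h:"; then
            echo "MISSING: $h"
            findings=$((findings + 1))
        fi
    done
    csp=$(printf '%s\n' "$hdrs" | sed -n 's/^content-security-policy: *//p')
    if [ -n "$csp" ]; then
        case "$csp" in
            *unsafe-inline*|*unsafe-eval*)
                echo "WEAK: CSP allows unsafe-inline/unsafe-eval (inline script XSS is not blocked)"
                findings=$((findings + 1)) ;;
        esac
        case "$csp" in
            *default-src*) ;;
            *) echo "WEAK: CSP has no default-src fallback (unlisted fetch types are unrestricted)"
               findings=$((findings + 1)) ;;
        esac
    fi
    [ "$findings" -eq 0 ]
}
# Constructed sample responses (not captured from any real server).
SAMPLE_WEAK=$(cat <<'EOF'
HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: script-src 'self' 'unsafe-inline'
EOF
)
SAMPLE_HARDENED=$(cat <<'EOF'
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src 'self'; img-src 'self' data:; object-src 'none'
EOF
)
printf '%s\n' "$SAMPLE_WEAK" | audit_headers || echo "-> weak sample: not compliant"
printf '%s\n' "$SAMPLE_HARDENED" | audit_headers && echo "-> hardened sample: compliant"
```

Pipe the output of `curl -sI` against your own site into `audit_headers` to run the same check against a live response.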