Adobe Experience Manager (AEM) - Taking Application Security to the Next Level | AEM Community Blog Seeding

kautuk_sahni
Community Manager

17-05-2021


Adobe Experience Manager (AEM) - Taking Application Security to the Next Level by DAVID TRUCHE

Abstract

During one of our latest AEM projects here at 3|SHARE, we exposed our digital environment to an "Invasion Test", an activity conducted to simulate an attacker looking to:
1. Identify the technical vulnerabilities of the application;
2. Determine the impact of compromising the confidentiality of internal data and the integrity and availability of the application and its information.

The attacks were carried out in the Black-Box mode, in which the attacker has no information about the environment, simulating a hacker.

Define and Implement Security Headers
HTTP security headers can increase the security of your application. Once defined, these HTTP response headers can prevent certain vulnerabilities when running in modern browsers.

Enable Content Security Policy (CSP) on your Web Server
Content-Security-Policy is the name of an HTTP response header that modern browsers use to enhance the security of the document. The Content-Security-Policy header lets you restrict how resources such as JavaScript, CSS, or pretty much anything else the browser loads can be loaded.

CSP is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks.
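
To check whether a deployed policy actually delivers that protection, the following added example (not code from the original blog or from Adobe) parses a Content-Security-Policy header value and flags source expressions that weaken it. The function names and both sample policies are constructed for illustration, and the check is limited to script-src, style-src and object-src.

```python
# Added example: audit a Content-Security-Policy header value (hypothetical helper names).
RISKY_SOURCES = {
    "'unsafe-inline'": "permits inline script/style",
    "'unsafe-eval'": "permits eval()-style string-to-code execution",
    "*": "permits loading from any origin",
    "data:": "permits data: URIs as a source",
}
# Fetch directives that fall back to default-src when absent.
FETCH_DIRECTIVES = ("script-src", "style-src", "object-src")
NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header_value):
    """Return {directive: [sources]}. Per the CSP spec, the first occurrence
    of a duplicated directive wins and later ones are ignored."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def audit_csp(header_value):
    """Return sorted findings for one policy; an empty list means none."""
    policy = parse_csp(header_value)
    findings = []
    for directive in FETCH_DIRECTIVES:
        # Effective source list, resolved through the default-src fallback.
        sources = policy.get(directive, policy.get("default-src"))
        if sources is None:
            findings.append(f"{directive}: unrestricted (not set, no default-src)")
            continue
        pinned = any(s.lower().startswith(NONCE_OR_HASH) for s in sources)
        for src in sources:
            key = src.lower()
            if key == "'unsafe-inline'" and pinned:
                continue  # browsers ignore 'unsafe-inline' next to a nonce or hash
            if key in RISKY_SOURCES:
                findings.append(f"{directive}: {src} {RISKY_SOURCES[key]}")
    return sorted(findings)


# Constructed sample policies, not taken from the blog or any real site.
WEAK = "default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval'"
STRICT = "default-src 'self'; object-src 'none'; script-src 'self' https://cdn.example.com"

if __name__ == "__main__":
    for label, value in (("weak", WEAK), ("strict", STRICT)):
        print(label, audit_csp(value) or "no findings")
```

Running the same audit against the header value captured from each environment (author, publish, web server) shows whether the policy differs between them.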

Read Full Blog

Adobe Experience Manager (AEM) - Taking Application Security to the Next Level

Q&A

Please use this thread to ask the related questions.
