
SOLVED

AEM Security vulnerability scan


Community Advisor

Hi All - We are using the OWASP ZAP open source tool to find vulnerabilities in the websites, and the result doesn't show the paths that are supposed to be blocked from the dispatcher side [0]. When we were on the AMS platform, Adobe CSE used to perform the security vulnerability scan on a monthly basis and share the paths that should be blocked from the dispatcher, like [0], if they found anything.

 

Can you please suggest a tool that tells us which paths are supposed to be blocked from the dispatcher side (to improve the security of the website)?

 

[0]

/content.json
/content.1.json
/content.infinity.json
/content.xml
/content.1.xml
/content.feed.xml

 

Regards,

Raja

1 Accepted Solution


Correct answer by
Community Advisor

Hi @Raja-kp ,

 

You can prepare a custom script like the one mentioned below and validate it; none of the URLs should return 200.

 

https://hashimkhan.in/2018/03/13/tool-for-dispatcher-security/ 


4 Replies


Level 4

Hi @Raja-kp,

You can refer to the Adobe documentation https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/dispatcher-c... which lists the paths that should be blocked from the dispatcher.

 

Hope it helps!

 

Regards,

Manpreet

 


Community Advisor

Thanks for your response - we have already blocked all the paths mentioned in the above-mentioned Adobe document, but we still have to run the security scan every quarter to identify the vulnerabilities in AEM.