AEM Security vulnerability scan

Question

Hi All - We are using OWASP ZAP open source tool to find the vulnerability in the websites and the result doesn't show the paths supposed to be blocked from dispatcher side [0]. When we were in AMS platform - Adobe CSE used to perform the security vulnerability scan on a monthly basis and shares the paths should be blocked from dispatcher like [0] if they find anything.

Can you please suggest a tool that tells what are all the paths supposed to be blocked from dispatcher side (to improve the security of the website)

[0]

/content.json
/content.1.json
/content.infinity.json
/content.xml
/content.1.xml
/content.feed.xml

Regards,

Raja

Kishore_Kumar_ · Accepted Answer

Hi @raja-karuppsamy , You can prepare the custom script like mentioned below and validate ,it none of the urls should return 200.  https://hashimkhan.in/2018/03/13/tool-for-dispatcher-security/

manpreetk908 · Answer

Hi @raja-karuppsamy,You can refer the Adobe documentation https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/dispatcher-configuration.html?lang=en#testing-dispatcher-security which lists the paths which should be blocked from dispatcher. Hope it helps! Regards,Manpreet

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded