SOLVED

AEM Security vulnerability scan

Raja-kp
Level 7

Hi All - We are using the OWASP ZAP open source tool to find vulnerabilities in the websites, and the result doesn't show the paths that are supposed to be blocked from the dispatcher side [0]. When we were on the AMS platform, Adobe CSE used to perform the security vulnerability scan on a monthly basis and share the paths that should be blocked from the dispatcher, like [0], if they found anything.

Can you please suggest a tool that tells which paths are supposed to be blocked from the dispatcher side (to improve the security of the website)?

 

[0]

/content.json
/content.1.json
/content.infinity.json
/content.xml
/content.1.xml
/content.feed.xml

 

Regards,

Raja

1 Accepted Solution
kishorekumar14
Correct answer by
Level 10

Hi @Raja-kp ,

 

You can prepare a custom script like the one mentioned below and validate it; none of the URLs should return 200.

 

https://hashimkhan.in/2018/03/13/tool-for-dispatcher-security/ 
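
A minimal check in the spirit of the answer above, added here as an example (it is not part of the original post and not the linked script). It requests the paths from list [0] against your own dispatcher and flags any that answer 200; the names `audit`, `http_status` and `BLOCKED_PATHS` are hypothetical, and the base URL is whatever site you are responsible for.

```python
import sys
import urllib.error
import urllib.request

# Paths from list [0] in the question; extend with your own content roots.
BLOCKED_PATHS = [
    "/content.json", "/content.1.json", "/content.infinity.json",
    "/content.xml", "/content.1.xml", "/content.feed.xml",
]


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow redirects, so a 3xx is reported as itself."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_status(url, timeout=10):
    """GET url and return its HTTP status code (hypothetical helper)."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # unfollowed 3xx, 4xx and 5xx arrive as HTTPError


def audit(base_url, paths=BLOCKED_PATHS, fetch=http_status):
    """Return ({path: status}, [paths that answered 200])."""
    base = base_url.rstrip("/")
    results = {path: fetch(base + path) for path in paths}
    exposed = [path for path, code in results.items() if code == 200]
    return results, exposed


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: dispatcher_check.py https://your-site.example")
    results, exposed = audit(sys.argv[1])
    for path, code in results.items():
        print(f"{'FAIL' if code == 200 else 'ok  '} {code} {path}")
    # Non-zero exit lets a scheduled job or CI step fail when a path is served.
    sys.exit(1 if exposed else 0)
```

Run it against the published (dispatcher-fronted) hostname rather than the publish instance directly, since the filter rules only apply to traffic that passes through the dispatcher.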


4 Replies
manpreetk908
Level 4

Hi @Raja-kp,

You can refer to the Adobe documentation https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/dispatcher-c... which lists the paths that should be blocked from the dispatcher.

 

Hope it helps!

 

Regards,

Manpreet

 

Raja-kp
Level 7

Thanks for your response - we have already blocked all the paths mentioned in the Adobe document above, but we still have to run the security scan every quarter to identify the vulnerabilities in AEM.