Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

AEM Security vulnerability scan

Avatar

Community Advisor

Hi All -  We are using OWASP ZAP open source tool to find the vulnerability in the websites and the result doesn't show the paths supposed to be blocked from dispatcher side [0]. When we were in AMS platform - Adobe CSE used to perform the security vulnerability scan on a monthly basis and shares the paths should be blocked from dispatcher like [0] if they find anything.

 

Can you please suggest a tool that tells what are all the paths supposed to be blocked from dispatcher side (to improve the security of the website)

 

[0]

/content.json
/content.1.json
/content.infinity.json
/content.xml
/content.1.xml
/content.feed.xml

 

Regards,

Raja

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi @Raja-kp ,

 

You can prepare the custom script like mentioned below and validate ,it none of the urls should return 200

 

https://hashimkhan.in/2018/03/13/tool-for-dispatcher-security/ 

View solution in original post

4 Replies

Avatar

Correct answer by
Community Advisor

Hi @Raja-kp ,

 

You can prepare the custom script like mentioned below and validate ,it none of the urls should return 200

 

https://hashimkhan.in/2018/03/13/tool-for-dispatcher-security/ 

Avatar

Level 4

Hi @Raja-kp,

You can refer the Adobe documentation https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/dispatcher-c... which lists the paths which should be blocked from dispatcher.

 

Hope it helps!

 

Regards,

Manpreet

 

Avatar

Community Advisor

Thanks for your response - we have already blocked all the paths mentioned in above mentioned Adobe document, but still we have to run the security scan every quarter to identify the vulnerabilities in AEM.