Hi All - We are using OWASP ZAP open source tool to find the vulnerability in the websites and the result doesn't show the paths supposed to be blocked from dispatcher side . When we were in AMS platform - Adobe CSE used to perform the security vulnerability scan on a monthly basis and shares the paths should be blocked from dispatcher like  if they find anything.
Can you please suggest a tool that tells what are all the paths supposed to be blocked from dispatcher side (to improve the security of the website)
Solved! Go to Solution.
You can refer the Adobe documentation https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/dispatcher-c... which lists the paths which should be blocked from dispatcher.
Hope it helps!
Thanks for your response - we have already blocked all the paths mentioned in above mentioned Adobe document, but still we have to run the security scan every quarter to identify the vulnerabilities in AEM.