Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.

Application security testing within AEM Boundary and Tools | AEM Community Blog Seeding

Avatar

Administrator

BlogImage.jpg

Application security testing within AEM Boundary and Tools by Aaemtutorial

Abstract

Evolution of AEM from on-prem/AMS to AEM As Cloud service has reduced the security concerns to a certain limit. But there are areas an AEM architect should be concerned about, when the code moves to production.

Role of Application Security Testing (AST)
The application security is a major consideration when new design techniques are adopted and DevSecOps are in demand. Application Security Testing (AST) tools available as On-Premise,Cloud or as a SaaS offering. The current tech-market comprises of Application Security Testing (AST) tools offering core testing capabilities — which can be of type static, dynamic, interactive and various optional, specialized capabilities testing;


Below given a set of the AST techniques in brief

Static AST (SAST): SAST analyzes an application’s source, bytecode or binary code for security vulnerabilities - Mainly during development & testing phases.

Dynamic AST (DAST): DAST analyzes applications in their running/dynamic state during testing mainly during operational phases.
DAST Simulates the attack on web-application(AEM) and APIs(within the boundary of AEM application)

Software composition analysis (SCA): SCA is used to identify other open-source and, less frequently, commercial components in use within an AEM application. From this, known security vulnerabilities, potential licensing concerns and operational risks can be identified.

Interactive AST (IAST): IAST checks a running application, For e.g In case of AEM via the Java Virtual Machine [JVM] and examines its operation to identify vulnerabilities.

Fuzzing: Fuzz testing relies on providing random, malformed or unexpected input to a program to identify potential security vulnerabilities — For e.g., a memory leaks or buffer overflows or application crashes.

Mobile AST (MAST): MAST generally use traditional testing approaches (e.g., SAST and DAST) that have been optimized to support languages and frameworks commonly used to develop mobile and/or Internet of things (IoT) applications. Since mobile & IoT is a related technology with AEM, we must consider such techniques.

Read Full Blog

Application security testing within AEM Boundary and Tools

Q&A

Please use this thread to ask the related questions.



Kautuk Sahni
0 Replies