Expand my Community achievements bar.

SOLVED

Security testing in AEM as a Cloud Application

Avatar

Level 3

Dear All, 

We are building a CMS website using AEM as a cloud service. Does anyone know if AEM deployment pipeline automatically handles the security/penetration vulnerabilities? Or is there a need of any third party plugin to check the same? 

Previously with Magnolia CMS, we were using Kiuwan for this purpose. But I assume AEM Cloud is already checking security issues during Code Scanning stage of deployment pipeline. 

 

If anyone has any thoughts/comments, it would be really helpful. 

 

Thank you !!

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Here are some thoughts:

 

  • The code quality gateway, which runs on each pipeline from Cloud Manager, includes a security scan that identifies vulnerabilities. You can find more information about this scan here. If you need to understand the rules associated with this security scan, you can check them here or visit this community link.

  • Any AEM website using AEMaaCS will be hosted on Adobe Managed Services (AMS), which already has security tests in place. These tests are usually not public, but you can contact your Adobe representative for more details if you need this information for compliance or any other purpose.

  • You are free to conduct additional security tests on your website. However, you need to coordinate with AMS regarding the timing of such security tests. Once coordinated, you can perform load, performance, or penetration tests as needed.

Hope this helps



Esteban Bustamante

View solution in original post

5 Replies

Avatar

Correct answer by
Community Advisor

Here are some thoughts:

 

  • The code quality gateway, which runs on each pipeline from Cloud Manager, includes a security scan that identifies vulnerabilities. You can find more information about this scan here. If you need to understand the rules associated with this security scan, you can check them here or visit this community link.

  • Any AEM website using AEMaaCS will be hosted on Adobe Managed Services (AMS), which already has security tests in place. These tests are usually not public, but you can contact your Adobe representative for more details if you need this information for compliance or any other purpose.

  • You are free to conduct additional security tests on your website. However, you need to coordinate with AMS regarding the timing of such security tests. Once coordinated, you can perform load, performance, or penetration tests as needed.

Hope this helps



Esteban Bustamante

Avatar

Community Advisor

AEMaaCS offers advanced security features such as multi-factor authentication, Single-Sign-On (SSO), and SAML 2.0 authentication. Environments are pre-configured with security rules, and the Author tier is automatically integrated with the Adobe IMS by default.

 

In terms of deployment, AEM Cloud Manager includes a  CI/CD framework, which allows implementation teams to quickly test and deliver new or updated code. The CI/CD pipeline performs a thorough code scan. It also automates unit and performance testing processes to increase deployment efficiency and proactively identify critical issues.

 

Depending on your specific security requirements and the complexity of your application, you may still want to consider using additional security tools or practices.


Please check these documentations for reference:
AEM as a Cloud Service Security Overview:
https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/security/cloud-serv...

Cloud Manager CI/CD Pipelines :

https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/implementing/using-....

 

Avatar

Administrator

@jainrupal2408 Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found out solution yourself, please share it with the community.



Kautuk Sahni