SOLVED

Security testing in AEM as a Cloud Application

Level 3

Dear All, 

We are building a CMS website using AEM as a Cloud Service. Does anyone know if the AEM deployment pipeline automatically handles security/penetration vulnerabilities? Or is there a need for a third-party plugin to check the same?

Previously, with Magnolia CMS, we were using Kiuwan for this purpose. But I assume AEM Cloud is already checking security issues during the Code Scanning stage of the deployment pipeline.

If anyone has any thoughts/comments, it would be really helpful.

Thank you!!

1 Accepted Solution

Correct answer by
Community Advisor

Here are some thoughts:

 

  • The code quality gateway, which runs on each pipeline from Cloud Manager, includes a security scan that identifies vulnerabilities. You can find more information about this scan here. If you need to understand the rules associated with this security scan, you can check them here or visit this community link.

  • Any AEM website using AEMaaCS will be hosted on Adobe Managed Services (AMS), which already has security tests in place. These tests are usually not public, but you can contact your Adobe representative for more details if you need this information for compliance or any other purpose.

  • You are free to conduct additional security tests on your website. However, you need to coordinate with AMS regarding the timing of such security tests. Once coordinated, you can perform load, performance, or penetration tests as needed.

Hope this helps



Esteban Bustamante

5 Replies

Level 6

AEMaaCS offers advanced security features such as multi-factor authentication, Single-Sign-On (SSO), and SAML 2.0 authentication. Environments are pre-configured with security rules, and the Author tier is automatically integrated with the Adobe IMS by default.

 

In terms of deployment, AEM Cloud Manager includes a CI/CD framework, which allows implementation teams to quickly test and deliver new or updated code. The CI/CD pipeline performs a thorough code scan. It also automates unit and performance testing processes to increase deployment efficiency and proactively identify critical issues.

 

Depending on your specific security requirements and the complexity of your application, you may still want to consider using additional security tools or practices.


Please check this documentation for reference:
AEM as a Cloud Service Security Overview:
https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/security/cloud-serv...

Cloud Manager CI/CD Pipelines:
https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/implementing/using-....

 

Administrator

@jainrupal2408 Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found a solution yourself, please share it with the community.



Kautuk Sahni