Hi All, can you please suggest a tool/method to find the security vulnerabilities in AEM?
Please note: we are running AEM 6.5.7 on the AWS cloud platform.
Please look into using Checkmarx, Fortify and SonarQube.
Thanks for your response. Are we able to figure out the open vulnerabilities from the AEM application?
Like this security checklist: https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/getting-started/security...
So far I have seen these security scan applications review the code, and it doesn't look like they will detect based on https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/getting-started/security... or https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/security-checkl...
However, you should be able to work with the designated expert/contact for this on your team to see if there are any desired configurations they can add that will do these checks.
(Please let us know if you find anything or are able to configure anything like that.)
Definitely - will let you know
@Raja-kp Good to see you in the AEM community assisting others. Keep the great community work going.
Thanks @kautuk_sahni
Hi @Raja-kp ,
To ensure the blacklisted URLs mentioned in the dispatcher security checklist, try the curl command with your dispatcher URLs; if it returns 200, you have to fix it. This curl command can also be automated through CI/CD via shell or any scripts, and URLs can be grouped into lists.
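The curl check described in the last reply, written out as a CI-friendly script. This is an added example, not part of the original thread: the function names and the `DISPATCHER_URL` variable are assumptions, and `PATHS` is a small constructed sample of AEM administrative paths that should be replaced with the full list from the dispatcher security checklist.

```shell
#!/bin/sh
# Added example: audit your own dispatcher for paths that should be blocked.
# PATHS is a constructed sample; take the real list from the security checklist.
PATHS='/admin
/system/console
/crx/de'

# Return the HTTP status for one URL ("000" if the connection fails).
# No -L: a redirect (e.g. to a login page) is reported as 3xx, not followed.
fetch_status() {
    curl -s -o /dev/null --max-time 10 -w '%{http_code}' "$1" || true
}

# Map a status code to a verdict. Per the thread, 200 means "fix it".
# 000 is flagged as well, so an unreachable host cannot pass as blocked.
# Reporting 3xx separately is this example's own choice, for manual review.
classify() {
    case "$1" in
        200)    echo EXPOSED ;;
        000|'') echo UNREACHABLE ;;
        3??)    echo REDIRECT ;;
        *)      echo BLOCKED ;;
    esac
}

# Check every path in $2 (one per line) against base URL $1.
# Prints "verdict status url" per path; returns 1 if any path is
# EXPOSED or UNREACHABLE, so a CI job fails on it.
audit() {
    base=${1%/}
    failed=0
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        code=$(fetch_status "$base$p")
        verdict=$(classify "$code")
        printf '%s %s %s\n' "$verdict" "$code" "$base$p"
        case "$verdict" in EXPOSED|UNREACHABLE) failed=1 ;; esac
    done <<EOF
$2
EOF
    return "$failed"
}

# Runs only when DISPATCHER_URL is set, e.g.
#   DISPATCHER_URL=https://www.example.com sh audit.sh
if [ -n "${DISPATCHER_URL:-}" ]; then
    audit "$DISPATCHER_URL" "$PATHS"
fi
```

The script exits non-zero when any path is exposed or the host cannot be reached, which is what lets a pipeline stage fail on a regression in the dispatcher filter rules.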