Hi All,- Can you please suggest a tool/method to find the security vulnerabilities in AEM.
Please note - We are running in AEM 6.5.7 in AWS cloud platform.
Solved! Go to Solution.
Views
Replies
Total Likes
Please look into using Checkmarx, Fortify and Sonarcube
Please look into using Checkmarx, Fortify and Sonarcube
Thanks for your response . Can we able to figure out the open vulnerabilities from AEM application.
Like this security checklist : https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/getting-started/security...
So far I have seen these security scan applications review the code and doesn't look like it will detect based on https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/getting-started/security... or https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/security-checkl...
However, you should be able to work with the designated expert/contact for this on your team to see for any desired configurations they can add that will do these checks.
(Please let us know if you find anything or are able to configure any thing like that
Definitely - will let you know
@Raja-kp Good to see you in the AEM community assisting others. Keep the great community work going.
Views
Replies
Total Likes
Thanks @kautuk_sahni
Hi @Raja-kp ,
To ensure the blacklisted urls mentioned in dispatcher security checklist, try with curl command with your dispatcher urls, if it returns 200 you have to fix it. This curl command can also be automated through CI/CD via shell / any scripts and urls can be grouped into lists.
Views
Likes
Replies
Views
Likes
Replies