SOLVED

Security vulnerability scan in AEM


Community Advisor

Hi All, can you please suggest a tool/method to find the security vulnerabilities in AEM?

Please note: we are running AEM 6.5.7 on the AWS cloud platform.

1 Accepted Solution


Correct answer by
Community Advisor

Please look into using Checkmarx, Fortify and SonarQube.

7 Replies


Community Advisor

Thanks for your response. Are we able to figure out the open vulnerabilities in the AEM application?

Like this security checklist: https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/getting-started/security...


Community Advisor

So far I have seen that these security scan applications review the code, and it doesn't look like they will detect issues based on https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/getting-started/security... or https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/security-checkl...
However, you should be able to work with the designated expert/contact for this on your team to see about any desired configurations they can add that will do these checks.

(Please let us know if you find anything or are able to configure anything like that.)


Administrator

@Raja-kp Good to see you in the AEM community assisting others. Keep the great community work going.

Kautuk Sahni


Community Advisor

Hi @Raja-kp,

To check the blacklisted URLs mentioned in the dispatcher security checklist, try the curl command against your dispatcher URLs; if it returns 200, you have to fix it. This curl command can also be automated through CI/CD via shell or any other script, and the URLs can be grouped into lists.
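The curl-based check described in the reply above, written out as a small POSIX shell script that can run in a CI/CD job. This is an added example, not code from the thread or from Adobe. The list of paths is a constructed sample drawn from the paths Adobe's dispatcher security checklist says the dispatcher must block; the real checklist is longer, so extend the list from the checklist itself. The dispatcher hostname, the 10-second timeout and the treatment of 403/404 as "blocked" are assumptions; the second argument of `check_dispatcher` lets a fake fetcher replace curl so the logic can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the thread): verify that the dispatcher blocks the
# paths listed in Adobe's dispatcher security checklist. Any path that comes
# back with HTTP 200 is reachable through the dispatcher and must be fixed.

# Constructed sample of checklist paths; extend from the checklist itself.
BLOCKED_PATHS="
/crx/de/index.jsp
/system/console
/dav/crx.default
/crx/explorer/browser/index.jsp
/bin/crxde/logs
/jcr:system/jcr:versionStorage.json
"

# Map an HTTP status code to a verdict. 200 = exposed (FAIL); 403/404 are the
# expected blocked responses (OK, an assumption); anything else (redirects,
# 5xx, curl's 000 on connection failure) is flagged for a human to look at.
classify_status() {
    case "$1" in
        200)     echo "FAIL" ;;
        403|404) echo "OK" ;;
        *)       echo "REVIEW" ;;
    esac
}

# Fetch only the status code for one URL, discarding the body.
fetch_status() {
    curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$1"
}

# Check every path against a dispatcher base URL, e.g. https://dispatcher.example.com
# (hostname is a placeholder). Prints "VERDICT CODE URL" per path and returns
# non-zero if any path is exposed, so a CI pipeline fails on it.
# Optional second argument: name of a fetcher function to use instead of curl.
check_dispatcher() {
    base="$1"
    fetcher="${2:-fetch_status}"
    failures=0
    for p in $BLOCKED_PATHS; do
        url="$base$p"
        code=$("$fetcher" "$url") || code="000"
        verdict=$(classify_status "$code")
        printf '%s %s %s\n' "$verdict" "$code" "$url"
        if [ "$verdict" = "FAIL" ]; then
            failures=$((failures + 1))
        fi
    done
    [ "$failures" -eq 0 ]
}

# Usage: ./dispatcher-check.sh https://dispatcher.example.com
if [ $# -gt 0 ]; then
    check_dispatcher "$1" || exit 1
fi
```

Run it against each dispatcher (publish tier, per-region) rather than only one, since filter rules live in each dispatcher's configuration; the REVIEW verdict is deliberate so that a redirect to a login page or a 5xx is not silently counted as blocked.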