Created

May 26, 2013

Tighten your Security and Privacy: Learn How at CQCON 2013

Posted by Lars Krapf

Security and privacy are key requirements for any web application today.

Sites have to undergo thorough penetration tests before their "go-live", our customers have security consultants join in during the RFP processes, and news of major hacks hits the mainstream media regularly.

In my talk at CQCON 2013 I will focus on two major security topics to help you build secure sites and applications on top of Granite and Adobe CQ, now part of Adobe Experience Manager (AEM).

The Sling method loginAdministrative() and related functionality have been a source of code-based vulnerabilities and subtle bugs throughout AEM. This talk will give an analysis of the problem and provide strategies on how to avoid administrative sessions in your own AEM projects.

Further, we will have a look at cross-site scripting (XSS), a notorious problem in all web applications, and especially in content management systems. What are the risks and challenges in the AEM context? How can we detect vulnerabilities and, more importantly, how can we prevent them?

Hope to catch up with you at CQCON 2013.

 
