Created

May 26, 2013

Tighten your Security and Privacy Learn How at CQCON 2013

Posted by Lars Krapf

Security and privacy are key requirements for any web application today.

Sites have to undergo thorough penetration tests before their "go-live", our customers have security consultants join in during the RFP process, and news of major hacks hits the mainstream media regularly.

In my talk at CQCON 2013 I will focus on two major security topics to help you build secure sites and applications on top of Granite and Adobe CQ, now part of Adobe Experience Manager (AEM).

The Sling method loginAdministrative() and related functionality have been a source of code-based vulnerabilities and subtle bugs throughout AEM. This talk will give an analysis of the problem and provide strategies on how to avoid administrative sessions in your own AEM projects.

Further we will have a look at cross-site scripting (XSS) - a notorious problem in all web applications, and especially in content management systems. What are the risks and challenges in the AEM context? How can we detect vulnerabilities and, more importantly, how can we prevent them?
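The two topics above, administrative sessions and output encoding, meet in ordinary AEM servlet code. The following Sling servlet is an added illustration written for this page; it is not code from the talk or from Adobe. It contrasts the administrative-session pattern (`ResourceResolverFactory.getAdministrativeResourceResolver`, shown only in a comment) with a narrowly scoped service user, which is the mechanism later Sling and AEM releases provide for this purpose, and it contrasts writing an author-editable `jcr:title` straight into HTML with encoding it through AEM's `XSSAPI` for the exact output context. The resource type `example/components/title`, the subservice name `example-config-reader` and the node `/conf/example/settings` are assumptions for the example; the service-user mapping they rely on has to be configured separately.

```java
package com.example.security;

import java.io.IOException;
import java.util.Collections;
import java.util.Map;

import javax.servlet.ServletException;

import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.sling.SlingServlet;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;

import com.adobe.granite.xss.XSSAPI;

/**
 * Added example, not code from the CQCON talk or from Adobe. Renders a
 * component's title without an administrative session and without writing
 * untrusted strings into HTML unencoded.
 *
 * Hypothetical names: resource type "example/components/title", subservice
 * "example-config-reader" and the config node "/conf/example/settings".
 */
@SlingServlet(resourceTypes = "example/components/title", methods = "GET", extensions = "html")
public class SafeTitleServlet extends SlingSafeMethodsServlet {

    /** Hypothetical subservice; must map (ServiceUserMapper config) to a
     *  system user whose only right is reading /conf/example. */
    private static final String SUBSERVICE = "example-config-reader";
    private static final String CONFIG_PATH = "/conf/example/settings";

    @Reference
    private ResourceResolverFactory resolverFactory;

    @Reference
    private XSSAPI xssApi;

    // Pattern to avoid (Sling's administrative-session API, deprecated):
    //   ResourceResolver admin = resolverFactory.getAdministrativeResourceResolver(null);
    // Everything below that line runs with full repository rights, and a
    // missing close() on an error path leaks an administrative session.

    @Override
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws ServletException, IOException {

        // 1. Content the caller asked for: use the caller's own resolver, so the
        //    read happens with exactly the ACLs the logged-in (or anonymous) user has.
        Resource component = request.getResource();
        String title = component.getValueMap().get("jcr:title", component.getName());

        // 2. Data the caller may not read directly: a dedicated, minimally
        //    privileged service session, opened late and always closed.
        String banner = readBanner();

        // 3. Output: encode every untrusted string for the context it lands in.
        String highlight = request.getParameter("q");   // reflected request input
        response.setContentType("text/html");
        response.setCharacterEncoding("UTF-8");
        StringBuilder html = new StringBuilder();
        // Vulnerable form (stored XSS via an author-editable jcr:title):
        //   html.append("<h1>").append(title).append("</h1>");
        html.append("<h1>").append(xssApi.encodeForHTML(title)).append("</h1>");
        if (banner != null) {
            html.append("<p class=\"banner\">").append(xssApi.encodeForHTML(banner)).append("</p>");
        }
        if (highlight != null) {
            // An attribute value needs attribute encoding, not HTML-body encoding.
            html.append("<div data-highlight=\"")
                .append(xssApi.encodeForHTMLAttr(highlight))
                .append("\"></div>");
        }
        response.getWriter().write(html.toString());
    }

    /** Reads bannerText from the config node with the service user; null if unset. */
    private String readBanner() throws ServletException {
        Map<String, Object> auth = Collections.<String, Object>singletonMap(
                ResourceResolverFactory.SUBSERVICE, SUBSERVICE);
        ResourceResolver serviceResolver = null;
        try {
            serviceResolver = resolverFactory.getServiceResourceResolver(auth);
            Resource settings = serviceResolver.getResource(CONFIG_PATH);
            return settings == null ? null : settings.getValueMap().get("bannerText", String.class);
        } catch (LoginException e) {
            // Fail closed: a missing service-user mapping must not fall back to admin.
            throw new ServletException("subservice '" + SUBSERVICE + "' is not mapped", e);
        } finally {
            if (serviceResolver != null) {
                serviceResolver.close();   // release the session on every path
            }
        }
    }
}
```

Two habits carry most of the value here: reading with the request's own resolver by default, so the servlet adds no privilege to what the caller already has, and treating the service session as a resource that is opened as late as possible and closed in `finally`. On the XSS side, the encoder is chosen per output context (body text versus attribute value); a single "escape everything the same way" call is the usual reason encoded output still breaks out of its context.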

Hope to catch up with you at CQCON 2013.

 

                                                                                                                                                                  http://www.coachoutletonlinetnse.com Coach Outlet
                                                                                                                                                                  http://www.coachoutletnoia.com Coach Outlet Store Online
                                                                                                                                                                  http://www.chaneloutletinus.com Chanel Outlet Online
                                                                                                                                                                  http://www.louisvuittonoutletina.com Louis Vuitton Outlet
                                                                                                                                                                  http://www.louisvuittonoutletine.com Louis Vuitton Handbags
                                                                                                                                                                  http://www.guccibeltsoutletbcus.com Gucci Belt
                                                                                                                                                                  http://www.guccibelststco.com Gucci Belts
                                                                                                                                                                  • By hromatic band Wedding Bands Northampton - 12:43 AM on Aug 10, 2014   Reply
                                                                                                                                                                    Northampton UK based Wedding Band, Party Band and Function Band - Chromatic Band, is regarded by many as the UK's number 1 band when it comes to those special parties that simply must go well. Guaranteed a perfect musical time.
                                                                                                                                                                    • By Merancang Desain Rumah unik - 1:05 PM on Aug 15, 2014   Reply
                                                                                                                                                                      I wish to show thanks to you just for bailing me out of this particular trouble.As a result of checking through the the net and meeting techniques that were not productive, I was thinking my life was done.
                                                                                                                                                                      • By membuat desain rumah unik - 1:07 PM on Aug 15, 2014   Reply
                                                                                                                                                                        I believe there are many more pleasurable opportunities ahead for individuals that looked at your site.
                                                                                                                                                                        • By Brendt Miracle Arthritis Cure secrets - 2:12 PM on Aug 15, 2014   Reply
                                                                                                                                                                          Does Brendt Miracle Yeast Infection Cure Really Work? Find Out Why So Many People Are Using It to Stop Yeast Infection Flare-Ups for Good!
                                                                                                                                                                          • By SECU Login - 7:38 AM on Aug 18, 2014   Reply
                                                                                                                                                                            Does Brendt Miracle Yeast Infection Cure Really Work? Find Out Why So Many People Are Using It to Stop Yeast Infection Flare-Ups for Good!
                                                                                                                                                                            • By for another story - 7:23 AM on Aug 20, 2014   Reply
                                                                                                                                                                              echnological testing and the overall expansion of the global security industrial market. The spectacular moment of the ‘world’s next great event’ provides unique leverage fo

                                                                                                                                                                              ADD A COMMENT