May 26, 2013

Tighten your Security and Privacy Learn How at CQCON 2013

Posted by Lars Krapf

Security and privacy are key requirements for any web application today.

Sites have to undergo thorough penetration tests before their "go- live", our customers have security consultants join in during the RFP processes while news of major hacks hit the mainstream media regularly.

In my talk at CQCON 2013 I will focus on two major security topics to help you build secure sites and applications on top of Granite and Adobe CQ, now part of Adobe Experience Manager (AEM).

The Sling method loginAdministrative() and related functionality have been a source of code-based vulnerabilities and subtle bugs throughout AEM. This talk will give an analysis of the problem and provide strategies on how to avoid administrative sessions in your own AEM projects.

Further we will have a look at cross-site scripting (XSS) - a notorious problem in all web applications, and especially in content management systems. What are the risks and challenges in the AEM context? How can we detect vulnerabilities and, more importantly, how can we prevent them?

Hope to catch up with you at CQCON 2013