Posts Tagged ‘OWASP’

AEM dispatcher security

How Good is your AEM Security? – AEMaaCS and 3rd Party Dependencies

Large scale data breaches and critical security vulnerabilities have companies thinking about security more than ever.  Many developers are familiar with the OWASP top 10 (https://owasp.org/www-project-top-ten/).  There are already many resources on generic mitigation for these vulnerabilities.  So instead, in this series, I cover security issues and mitigations specific to AEM.  In this final post, […]

Dice with words on the faces, reading "Manage Your Risk"

How good is your AEM Security? – Mitigation Tools

Large scale data breaches and critical security vulnerabilities have companies thinking about security more than ever.  Many developers are familiar with the OWASP top 10 (https://owasp.org/www-project-top-ten/).  There are already many resources on generic mitigation for these vulnerabilities.  So instead, in this series, I will cover security issues and mitigations specific to AEM.  Here I will […]

RNSecurity

How good is your AEM security? – Sling Resolution

Large scale data breaches and critical security vulnerabilities have companies thinking about security more than ever.  Many developers are familiar with the OWASP top 10 (https://owasp.org/www-project-top-ten/) and there are already many resources on generic mitigation for these vulnerabilities.  Instead in this series, I cover security issues and mitigations specific to AEM.  Today’s topic is Sling […]

How good is your AEM security? – XSS

Large scale data breaches and critical security vulnerabilities have companies thinking about security more than ever.  Many developers are familiar with the OWASP top 10 (https://owasp.org/www-project-top-ten/) and there are already many resources on generic mitigation for these vulnerabilities.  Instead in this series, I cover security issues and mitigations specific to AEM. XSS and AntiSamy As […]

Jump-Start Your Secure Coding Program With OWASP ASVS 3.0

The concept of secure coding used to be a little hazy, one of those you’ll-know-it-when-you-see it concepts.  Patterns for secure coding generally arrived as one-offs, where some vendor would recommend their product/library/framework  because it “solved critical security problem X and here’s why…”  Recently, however, the vast number of data breaches reported in the news has dramatically driven […]