Posts Tagged ‘security’

5G

Resolving Sitecore SXA 9.3 Core Library JavaScript Security Vulnerabilities

Site themes for a Sitecore SXA site determine the look, feel and interactivity of the user interface. Base themes, included by default in the Media Library, are intended to be leveraged as dependencies for one or more site themes. Base Themes are built on top of a set of core, third-party CSS and JavaScript libraries […]

A Look at DevOps in 2020: Sonatype’s Community Survey

DevOps teams routinely deal with the most sensitive needs of an organization: security, governance, and compliance. However, not every organization is on the same page when it comes to DevOps, which can leave developers feeling overwhelmed and overworked. Sonatype recently released findings from its seventh annual DevOps Community Survey that examines the differences between mature […]

Network Connection Technology

DevSecOps Best Practices – Automated Compliance

Secure software practices are at the heart of all system development; doubly so for highly regulated industries such as health-care providers.  Multiple regulatory controls are required for the custodianship of patient and customer data, creation of secure software systems, governance of development environments, and ensuring proper management of audit information. As a best-practice it is […]

Why You Should be Using the Principal Permissions View in AEM

Before AEM 6.5, we really only had one UI to manage user permissions.  That’s not to say we couldn’t go to the JCR directly and set ACLs, but the user admin screen was just simpler. For instance, take this example from the classic user admin console. Typically, this meant that we would check the root […]

5G

5G Is Here, and It’s Time to Increase Your Cybersecurity Posture

5G is changing the face of communication and connection. According to Forbes, the technological innovations from 5G could contribute as much as $2.2 trillion to the global economy over the next 15 years. The service will revolutionize the amount of data collection and increasing the number of connected devices and sensors. With the rapid growth […]

Creating a Custom YAML file for the Access Control Tool

In my previous post I talked about how to add service users to the YAML file exported by the AC Tool.  But what if you want to do something else that isn’t currently possible without a recompile? There may be many reasons to create a custom file, the reason I did it was to include […]

Webp.net Resizeimage 69

Netcentric AC Tool – Adding Service Users to Your YAML Files

In my last post, I showed you how to create your YAML output files.  By default, these files do not contain any user information, however, the tool does give you a pretty easy way to include these by using an OSGi configuration.  The only drawback to this approach is that you can’t change it without […]

Istock 927720230 Featured Image

Getting Started with the Netcentric Access Control Tool

Keeping permissions in sync across environments is an issue for most organizations.  In AEM, you can export permissions using packages but this becomes a tedious process if you need to do this on a regular basis. I won’t say that the AC Tool solves the problem completely but it’s a good place to start.  In […]

DevSecOps and Release – Security Architect

In my previous post, DevSecOps and Release Coordination, I introduced the idea of four key players in the DevSecOps mediated release management process. The idea is to consolidate the validation and approval steps from a “gated” process, and shift the actual work of validation earlier in development. In this post, we will explore the role […]

Security Concerns

Tackle Security Concerns for Application Modernization

In our previous post, Create Your Transformation Roadmap for Application Modernization, we offered guidance to prepare your organization for successful cloud adoption. Part 2 of this series addresses some of the security concerns you may stumble upon in your cloud journey. We also share some best practices for infusing security across your organization. Questions about […]

How to Create and Configure SSL Key and Trust Stores Part 1/3

This post will be the first in a multi-part series talking about configuring various key stores and trust stores IBM MQ and IBM Integration Bus and populating them with certificates. General Information Key stores and trust stores are files in a proprietary format. Key stores hold certificates that an application sends across during the SSL […]

Application security assessment

How To Use The AWS API With S3 Buckets In Your Pen Test

Pen testers often need to stage payloads and other tools on servers outside of their own infrastructure.  In this post I’ll show you how to use the Amazon AWS command line interface (CLI) to dynamically create and manage S3 buckets that you can use in your own pen tests.  I’ll also show you how to […]

Load More