We are proud to announce that Perficient has achieved a Microsoft designation in Security (Microsoft 365 and Azure). This further recognizes Perficient as a leading partner in Microsoft security solutions. Last year, Microsoft’s Partner Network (MPN) officially stepped onto the scene under a new name: Microsoft Cloud Partner Program. They also phased out the 18 […]
Posts Tagged ‘security’
Working with Access Tokens on a Client within a Headless Solutions
Sitecore is leaning toward a composable architecture with a mostly headless development model, where all the business logic is shifted to a head app, which also becomes a major point of integration, the majority of which requires some sort of authentication. TL;DR: Do not work with an authentication token on a client! But what if I […]
AWS — Site-to-Site VPN Connections Overview
Agenda Autonomous System and BGP what is Site-to-Site VPN Flow Diagram and Architecture Site-to-Site VPN features Site-to-Site VPN limitations Customer gateway and Virtual Gateway Limitation Alternate VPN Demo What is Autonomous System: The Internet is a network of networks, and autonomous systems are the big networks that make up the Internet. More specifically, an autonomous […]
Don’t Snooze on Keeping Sitecore and Related Software up-to-date: .NET Core Edition
Keeping things up to date is critical to maintaining security. But it’s not just security patches that need to be installed. Most software has a shelf life and a support life. If things get out of date and vendors no longer support some versions, they become vulnerable. Microsoft .NET Core: A recent example of this is […]
People of Perficient: Meet Lorena Garza, Sr. Security and Compliance Analyst
To tell women that they can achieve anything is one thing. However, to actively demonstrate that growth can be accomplished through hard work and dedication is another thing entirely. Women play an integral role in building the path towards gender equality and female empowerment, but it is also up to each one of us to […]
How Good is your AEM Security? – AEMaaCS and 3rd Party Dependencies
Large scale data breaches and critical security vulnerabilities have companies thinking about security more than ever. Many developers are familiar with the OWASP top 10 (https://owasp.org/www-project-top-ten/). There are already many resources on generic mitigation for these vulnerabilities. So instead, in this series, I cover security issues and mitigations specific to AEM. In this final post, […]
How good is your AEM Security? – Mitigation Tools
Large scale data breaches and critical security vulnerabilities have companies thinking about security more than ever. Many developers are familiar with the OWASP top 10 (https://owasp.org/www-project-top-ten/). There are already many resources on generic mitigation for these vulnerabilities. So instead, in this series, I will cover security issues and mitigations specific to AEM. Here I will […]
How good is your AEM Security? – Denial of Service
Large scale data breaches and critical security vulnerabilities have companies thinking about security more than ever. Many developers are familiar with the OWASP top 10 (https://owasp.org/www-project-top-ten/) and there are already many resources on generic mitigation for these vulnerabilities. Instead, in this series, I cover security issues and mitigations specific to AEM. Today’s topic is Denial […]
IP Whitelisting through AEM Dispatcher in 5 easy steps
The dispatcher is used as a load balancing/caching tool by AEM. It can also be used to block anyone from accessing your AEM author instance. This is to ensure that no one outside the client’s network can access it. AEM Author and publisher should never be exposed directly. In most cases, clients may also require […]
It’s good that Spark Security is turned off by default
Security in Spark is OFF by default, which means you are fully responsible for security from Day One. Spark supports a variety of deployment types, each with its own set of security levels. Not all deployment types are safe in every scenario, and none is secure by default. Take the time to analyze your situation, […]
A Guided Tour of Azure Security Center and Governance Services
Security and governance are the cornerstones of foundational cloud implementation. Microsoft provides powerful services to support deploying, integrating, operating, governing and securing cloud environments to meet any organization’s unique requirements. Whether your organization uses Azure Platform as a Service (PaaS) or Azure Infrastructure as a Service (IaaS), Azure Security Center is a centralized and unified […]
Software Attack Surface Analysis
All software systems exist in an insecure state, which creates the need for a way to conduct software attack surface analysis. This is because any useful system must connect in some way with the outside world and therefore contains at least one point of interaction with that world. These communication paths accept data / instructions […]