Posts

How to Configure a CSP Header in AEM and Dispatcher?

How to Configure a CSP Header in AEM? Content Security Policy (CSP) is a security feature that helps prevent cross-site scripting (XSS) and other code injection attacks by restricting the sources from which a page can load resources. To implement a CSP header on an Apache web server, you use the Header directive in your Apache configuration. Here are the steps to implement a CSP header in Apache. Determine your CSP policy: first, define the policy itself, which sets the rules for what types of content can be loaded from which sources. You can use a CSP policy generator, such as the one available on the Mozilla Developer Network (MDN) website, to generate a policy that meets your needs. Add the CSP header to your Apache configuration: once you have your CSP policy, add the header to your Apache configuration. To do this, open your Apache configuration file (usually located at /etc/httpd/conf/httpd.conf or a similar location, depending on your setup) and

Security Best Practices in AEM

Adobe Experience Manager (AEM) is a popular content management system that is widely used by businesses to manage and publish digital content. With the increasing amount of sensitive data being stored and shared online, it's important for AEM users to be aware of the security features the platform offers. In this blog, we'll discuss some of the key security features of AEM and provide tips for keeping your AEM instance secure. Authentication and Authorization: AEM provides several options for authentication and authorization. Users log in with their credentials, which can be verified against LDAP or another external identity provider. Once authenticated, users are assigned roles and permissions that determine which actions they can perform within AEM. To keep your AEM instance secure, ensure that users have only the permissions they need to perform their jobs. For example, if a user doesn't need to publish content, they should not be given perm

HTTP/3: The Next Generation of Web Communication

HTTP/3: The Next Generation of Web Communications. The Internet has come a long way since the introduction of the first version of the Hypertext Transfer Protocol (HTTP) in 1991. The evolution of the web has led to the development of new technologies, the most recent being HTTP/3, the third version of the HTTP protocol. In this blog, we will discuss what HTTP/3 is, its benefits, and how it differs from previous versions of HTTP. What is HTTP/3? HTTP/3 is the third version of the HTTP protocol and is designed to be a faster and more efficient way of transmitting data over the Internet. It was developed in response to the growing demands of modern web applications, which require fast and reliable data transfer to give users a seamless experience. HTTP/3 is based on the QUIC protocol, a new transport-layer protocol designed for the Internet. QUIC is designed to provide low latency, high security, and high performance, making it an

HTTP Smuggling in AEM, and How to Prevent It

HTTP Smuggling is a technique used by attackers to inject malicious requests into a web application. It can cause significant security risks and data breaches if not addressed properly. In this blog, we will discuss what HTTP Smuggling is, how it can be exploited, and how to prevent it in Adobe Experience Manager (AEM). What is HTTP Smuggling? HTTP Smuggling is a technique in which attackers manipulate the HTTP requests sent to a web server in order to bypass security mechanisms. The attacker crafts the request so that it looks legitimate to the server while in reality it carries a malicious payload. This technique is particularly dangerous because it can be used to bypass firewalls, intrusion detection systems, and web application firewalls (WAFs). How can HTTP Smuggling be exploited in AEM? AEM is a popular web content management system used by organizations worldwide. As with any web application, AEM is vulnerable to HTTP Smuggling attacks if

How to Integrate LDAP with AEM?

AEM - LDAP Integration. LDAP (the Lightweight Directory Access Protocol) is used for accessing centralised directory services. You can achieve the following with LDAP integration: user accounts can be synchronised between the LDAP server and the AEM repository; AEM uses LDAP authentication to authenticate users, with credentials passed to the LDAP server for validation; to improve performance, successfully validated credentials can be cached by the repository with an expiry timeout. This reduces the effort required to manage user accounts, as they can be accessed by multiple applications. When a user account is removed from the LDAP server, validation is no longer granted and access to AEM is denied. The following are the AEM steps for integrating LDAP and using it as your Single Sign-On (SSO) source of truth for authenticating AEM users. To get LDAP working with AEM, you need to create three OSGi configurations: An LDAP Identity Pro

How to Configure S3 in AEM?

How to Configure S3 in AEM: configuring S3 data stores in AEM 6. In Adobe Experience Manager (AEM), binary data can be stored independently from the content nodes. Binary data is stored in a data store, whereas content nodes are stored in a node store. Both data stores and node stores are configured using OSGi configuration, and each OSGi configuration is referenced by a persistent identifier (PID). In this article we go through the detailed steps for configuring an S3 data store in AEM. You can get an architectural-level understanding of S3 with AEM from this article: https://www.aemrules.com/2021/06/how-does-s3-works-with-aem.html. Amazon S3 Data Store: AEM can be configured to store data in Amazon's Simple Storage Service (S3). It uses the org.apache.jackrabbit.oak.plugins.blob.datastore.S3DataStore.config PID for configuration. To enable the S3 data store functionality, a feature pack containing the S3 Datastore Connector needs to be downloaded and installed. Go to the Adob

How to Encrypt and Decrypt Data in AEM with AEM Crypto Support?

How to Use Crypto Support in AEM to Encrypt/Decrypt Data? While working with AEM, the AEM DevOps or developer team sometimes needs to call third-party APIs or services. Configuration for these APIs and services, such as usernames, passwords, client IDs/secrets, and API keys, is usually stored in a code repository in the form of OSGi configuration. This sensitive information should be stored encrypted rather than in plain text. This is possible through the OOTB AEM Crypto Support bundle, which provides services for encrypting and decrypting confidential data using system-wide keys (the hmac and master files). What are the features of Crypto Support? Decryption happens at runtime. No one can decrypt the data through the UI, because there is no UI for decrypting encrypted data, so the information remains secure. What are the hmac/master keys? Encryption and decryption are performed with keys (the hmac and master files). These keys are generated during the first startup of an AEM instance