Security testing with SecureCQ
Published in Technology
Transcript

  • 1. Security testing with SecureCQ
      Tomasz Rękawek, Cognifide
  • 2. Security challenges
      • CQ exposes a lot of data
          – Sling itself is a RESTful HTTP XML/JSON (or WebDAV) interface to JCR
          – CQ has additional features, available using an appropriate selector, GET parameter or path, e.g.:
              • .feed selector
              • ?debug=layout
              • /libs/shindig/proxy?url=http://www.cqcon.eu in CQ 5.4
      • All that is enabled by default
      • For an administrator, each feature is a potential security flaw
      • The administrator needs to know all of that
      • Security checklists and blog posts come in handy
      • SecureCQ – automated tool based on security checklists
  • 3. Live demo
  • 4. Downloads
      • Package Share
          – One-click-install
      • http://github.com/Cognifide/SecureCQ
          – Sources
          – Information on creating new tests
      • Blog post on cognifide.com: Keep your CMS safe with Secure CQ
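
The checklist idea from slide 2, as an added example that is not part of the slides and not SecureCQ's own code: a small audit an administrator can run against their own publish instance to see which of the three named default features still answer. The content path `/content/site/en`, the host name, the exact URL shapes and the "HTTP 200 means exposed" rule are assumptions made for illustration.

```python
"""Added example: checklist-style exposure audit for an instance you administer."""
import urllib.error
import urllib.request

PAGE = "/content/site/en"  # constructed sample content path (assumption)
# One check per feature named on slide 2; URL shapes are assumptions.
CHECKS = [
    (".feed selector", PAGE + ".feed"),
    ("debug=layout parameter", PAGE + ".html?debug=layout"),
    ("Shindig proxy (CQ 5.4)", "/libs/shindig/proxy?url=http://www.cqcon.eu"),
]


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow; a 3xx (e.g. to a login page) is reported as-is


def http_status(url, timeout=10):
    """Return the HTTP status code for url, or None if the host is unreachable."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx still carry a status
        return err.code
    except (urllib.error.URLError, OSError):
        return None


def audit(base_url, fetch=http_status):
    """Return [(name, url, status, verdict)] for every entry in CHECKS."""
    results = []
    for name, path in CHECKS:
        url = base_url.rstrip("/") + path
        status = fetch(url)
        if status is None:
            verdict = "unreachable"
        elif status == 200:  # simplification: only a plain 200 counts as exposed
            verdict = "EXPOSED"
        else:
            verdict = "blocked"
        results.append((name, url, status, verdict))
    return results


if __name__ == "__main__":
    # Constructed responses standing in for a publish instance whose front-end
    # filter blocks two of the three features; replace fetch to audit a real host.
    base = "https://publish.example.test"
    fake = {base + PAGE + ".html?debug=layout": 200}
    for name, url, status, verdict in audit(base, fetch=lambda u: fake.get(u, 404)):
        print(f"{verdict:<11} {status}  {name}: {url}")
```

Calling `audit("https://your-publish-host")` without the `fetch` argument issues the real requests; a 200 served by a custom error or login page would need a body check to rule out a false positive.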