Security testing with SecureCQ
Tomasz Rękawek
Cognifide
  1. Security testing with SecureCQ. Tomasz Rękawek, Cognifide
  2. Security challenges
     • CQ exposes a lot of data
       – Sling itself is a RESTful HTTP XML/JSON (or WebDAV) interface to JCR
       – CQ has additional features, available through the appropriate selector, GET parameter or path, e.g.:
         • .feed selector
         • ?debug=layout
         • /libs/shindig/proxy?url=http://www.cqcon.eu in CQ 5.4
     • All of that is enabled by default
     • For an administrator, each feature is a potential security flaw
     • The administrator needs to know about all of it
     • Security checklists and blog posts come in handy
     • SecureCQ: an automated tool based on security checklists
  3. Live demo
  4. Downloads
     • Package Share
       – One-click install
     • http://github.com/Cognifide/SecureCQ
       – Sources
       – Information on creating new tests
     • Blog post on cognifide.com: Keep your CMS safe with Secure CQ
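
Added example (not part of the slides and not SecureCQ's own code): a small audit helper that flags request targets reaching the three feature classes named on slide 2, for use when reviewing a publish instance's access log or front-end filter rules. The function names, result labels and sample request targets are assumptions made for this illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample request targets (not taken from a real access log).
SAMPLE_REQUESTS = [
    "/content/site/en.html",
    "/content/site/en.feed",
    "/content/site/en.feed.xml",
    "/content/site/en.html?debug=layout",
    "/libs/shindig/proxy?url=http://www.cqcon.eu",
    "/content/site/feed.html",          # page merely named "feed": not flagged
    "/content/site/en.html?q=debug",    # unrelated parameter: not flagged
]


def classify(target):
    """Return the slide-2 feature classes a request target would reach."""
    parts = urlsplit(target)
    hits = []
    # Path check: the Shindig proxy listed on the slide for CQ 5.4.
    if parts.path == "/libs/shindig/proxy" or parts.path.startswith("/libs/shindig/proxy/"):
        hits.append("shindig-proxy")
    # Selector check: look at the dot-separated parts after each resource name.
    # Assumption: "feed" is flagged whether it ends up as a selector or as
    # the extension, and in any path segment (so a trailing suffix is covered).
    if any("feed" in seg.split(".")[1:] for seg in parts.path.split("/")):
        hits.append("feed-selector")
    # GET parameter check: debug=layout.
    if "layout" in parse_qs(parts.query).get("debug", []):
        hits.append("debug-layout")
    return hits


def audit(targets):
    """Map each flagged target to its hits; clean targets are omitted."""
    return {t: h for t in targets if (h := classify(t))}


if __name__ == "__main__":
    for target, hits in audit(SAMPLE_REQUESTS).items():
        print(f"{','.join(hits):15} {target}")
```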
