Security testing with SecureCQ
Tomasz Rękawek
Cognifide
  1. Security testing with SecureCQ – Tomasz Rękawek, Cognifide
  2. Security challenges
     • CQ exposes a lot of data
       – Sling itself is a RESTful HTTP XML/JSON (or WebDAV) interface to JCR
       – CQ has additional features, available using the appropriate selector, GET parameter or path, e.g.:
         • .feed selector
         • ?debug=layout
         • /libs/shindig/proxy?url=http://www.cqcon.eu in CQ 5.4
     • All of that is enabled by default
     • For the administrator, each feature is a potential security flaw
     • The administrator needs to know all of that
     • Security checklists and blog posts come in handy
     • SecureCQ – an automated tool based on security checklists
  3. Live demo
  4. Downloads
     • Package Share
       – One-click install
     • http://github.com/Cognifide/SecureCQ
       – Sources
       – Information on creating new tests
     • Blog post on cognifide.com: Keep your CMS safe with Secure CQ
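Slide 2 describes the idea behind SecureCQ: a checklist of CQ/Sling defaults (JSON rendering of JCR nodes, the .feed selector, ?debug=layout, the shindig proxy) that an administrator should confirm are switched off on an instance they manage. The following is an added example of such a checklist runner, written for this page and not taken from the SecureCQ project. The transport is injected so the runner can be exercised offline against a constructed fake instance; the check names, the `fake_instance` helper, the response predicates and the `http://localhost:4502` base URL are assumptions, and real use would wrap `urllib` with the credentials of the instance being audited.

```python
"""Minimal security-checklist runner in the spirit of SecureCQ (added example,
not the project's code). Each Check names a request to a CQ/Sling instance and
a predicate on the response that is True when the default feature is still
reachable. The transport is injected so the runner works offline."""
import json
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

# A transport maps a URL to (HTTP status, body). Real use: urllib + credentials.
Transport = Callable[[str], Tuple[int, str]]


@dataclass(frozen=True)
class Check:
    name: str
    request: str                            # path and query relative to the root
    exposed: Callable[[int, str], bool]     # True when the default is still on


def _looks_like_jcr_json(status: int, body: str) -> bool:
    """Sling's default JSON rendering of a node carries jcr:primaryType."""
    if status != 200:
        return False
    try:
        return "jcr:primaryType" in json.loads(body)
    except (ValueError, TypeError):
        return False


# Assumed checks, derived from the items named on slide 2.
CHECKS: List[Check] = [
    Check("JSON rendering of JCR nodes", "/content.json", _looks_like_jcr_json),
    Check(".feed selector", "/content.feed", lambda s, b: s == 200),
    Check("?debug=layout parameter", "/content.html?debug=layout",
          lambda s, b: s == 200 and "debug" in b.lower()),
    Check("shindig proxy (CQ 5.4)", "/libs/shindig/proxy?url=http://example.invalid/",
          lambda s, b: s not in (401, 403, 404)),
]


def run_checks(base_url: str, transport: Transport,
               checks: List[Check] = CHECKS) -> Dict[str, bool]:
    """Return {check name: True if the default feature is still exposed}."""
    results: Dict[str, bool] = {}
    for check in checks:
        status, body = transport(base_url.rstrip("/") + check.request)
        results[check.name] = check.exposed(status, body)
    return results


def fake_instance(enabled: Set[str]) -> Transport:
    """Constructed stand-in for a CQ instance; `enabled` lists which defaults
    ('json', 'feed', 'debug', 'shindig') it still serves. Everything else 404s."""
    def transport(url: str) -> Tuple[int, str]:
        path = "/" + url.split("://", 1)[-1].split("/", 1)[1]   # drop scheme+host
        if path.endswith(".json") and "json" in enabled:
            return 200, json.dumps({"jcr:primaryType": "sling:OrderedFolder"})
        if path.endswith(".feed") and "feed" in enabled:
            return 200, "<rss version='2.0'></rss>"
        if "debug=layout" in path and "debug" in enabled:
            return 200, "<html><!-- debug layout markers --></html>"
        if path.startswith("/libs/shindig/proxy") and "shindig" in enabled:
            return 200, ""
        return 404, "Not Found"
    return transport


def report(results: Dict[str, bool]) -> List[str]:
    """One line per check, flagging defaults that are still reachable."""
    return [f"[{'EXPOSED' if on else 'ok'}] {name}" for name, on in results.items()]


if __name__ == "__main__":
    # Constructed scenario: a fresh install with every default still enabled.
    fresh = fake_instance({"json", "feed", "debug", "shindig"})
    for line in report(run_checks("http://localhost:4502", fresh)):
        print(line)
```

Each item in `CHECKS` is independent, so adding a test means adding one `Check` with a request and a predicate, which mirrors the "information on creating new tests" pointer on slide 4. Run the real thing only against an instance you administer, with a transport that authenticates as the audit user.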