Security testing with SecureCQ

  1. Security testing with SecureCQ
     Tomasz Rękawek, Cognifide
  2. Security challenges
     • CQ exposes a lot of data
       – Sling itself is a RESTful HTTP XML/JSON (or WebDAV) interface to JCR
       – CQ has additional features, available using appropriate selector, GET parameter, path, e.g.:
         • .feed selector
         • ?debug=layout
         • /libs/shindig/proxy?url= in CQ 5.4
     • All that is enabled by default
     • For administrator each feature is a potential security flaw
     • Administrator needs to know all of that
     • Security checklists and blog posts come in handy
     • SecureCQ – automated tool based on security checklists
  3. Live demo
  4. Downloads
     • Package Share
       – One-click-install
     •
       – Sources
       – Information on creating new tests
     • Blog post on Keep your CMS safe with Secure CQ
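
The checklist idea from slide 2, as an added example (not SecureCQ's code and not part of the original slides): each default-enabled feature named there becomes one HTTP check against your own publish instance. The page path `/content/example`, the set of status codes treated as "blocked", and all function names are assumptions made for this sketch.

```python
import urllib.error
import urllib.request

CONTENT_PAGE = "/content/example"  # hypothetical page path, replace with a real one
# The three features listed on slide 2, expressed as request paths.
CHECKS = [
    ("feed selector", CONTENT_PAGE + ".feed"),
    ("debug layout parameter", CONTENT_PAGE + ".html?debug=layout"),
    ("shindig proxy (CQ 5.4)", "/libs/shindig/proxy?url="),
]
BLOCKED = {401, 403, 404}  # assumption: these statuses mean the feature is not served


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # report the 3xx itself instead of following it


def http_status(url, timeout=5):
    """GET url and return the status code, without following redirects."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def audit(base_url, fetch=http_status):
    """Run every check; return a list of (name, url, status, ok) tuples."""
    results = []
    for name, path in CHECKS:
        url = base_url.rstrip("/") + path
        try:
            status = fetch(url)
        except OSError:
            status = None  # unreachable: the check could not be confirmed
        results.append((name, url, status, status in BLOCKED))
    return results


def failures(results):
    """Names of checks that were not confirmed as blocked."""
    return [name for name, _, _, ok in results if not ok]


if __name__ == "__main__":
    # Constructed responses standing in for a live instance.
    sample = lambda url: 200 if "debug=layout" in url else 404
    for row in audit("https://publish.example.test", fetch=sample):
        print(row)
```

A check that cannot reach the host counts as a failure here, so an unreachable instance is never reported as hardened.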