Security testing with SecureCQ
Tomasz Rękawek
Cognifide
Security challenges
• CQ exposes a lot of data
– Sling itself is a RESTful HTTP XML/JSON (or WebDAV) interface to JCR
– CQ has additional features, available using appropriate selector, GET parameter, path, e.g.:
  • .feed selector
  • ?debug=layout
  • /libs/shindig/proxy?url=http://www.cqcon.eu in CQ 5.4
• All that is enabled by default
• For administrator each feature is a potential security flaw
• Administrator needs to know all of that
• Security checklists and blog posts come in handy
• SecureCQ – automated tool based on security checklists
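As an added example (not code from the slides or from SecureCQ), the script below checks your own instance for the three default-enabled features listed above. The page path `/content/example/en`, appending `.feed` directly to that path, and the status-code verdicts are assumptions made for illustration.

```python
import urllib.error
import urllib.request

PAGE = "/content/example/en"  # assumed page path; use one from your own site


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Report 3xx as-is so a redirect to a login page is not read as 200."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_get(url):
    """Return (status, body); status is None when the host is unreachable."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, b""
    except (urllib.error.URLError, OSError):
        return None, b""


def audit(base, fetch=http_get, page=PAGE):
    """Check the three default features from the slide on your own instance."""
    base = base.rstrip("/")
    _, plain = fetch(base + page + ".html")  # baseline page without parameters
    probes = {
        ".feed selector": page + ".feed",
        "?debug=layout": page + ".html?debug=layout",
        "shindig proxy": "/libs/shindig/proxy?url=http://www.cqcon.eu",
    }
    report = {}
    for name, path in probes.items():
        status, body = fetch(base + path)
        if status is None or status >= 500:
            report[name] = "unknown"
        elif status != 200:
            report[name] = "blocked"
        elif name == "?debug=layout" and body == plain:
            report[name] = "ignored"  # parameter had no effect on the page
        else:
            report[name] = "exposed"
    return report


if __name__ == "__main__":
    import sys
    for feature, verdict in audit(sys.argv[1]).items():
        print(f"{verdict:8} {feature}")
```

Run it with the base URL of the instance as the only argument; every "exposed" line is a feature to review against your security checklist.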
Live demo
Downloads
• Package Share
– One-click-install
• http://github.com/Cognifide/SecureCQ
– Sources
– Information on creating new tests
• Blog post on cognifide.com:
Keep your CMS safe with Secure CQ