Thursday, 26 May 2022

Understanding the basics of CCMS and Adobe Experience Manager Guides

There are cases where we need to manage content beyond the capability of a CMS solution. A Component Content Management System (CCMS) lets you manage content at a granular, component level. Here, content is created in the form of components.


What is a component in CCMS?
A component is a piece of structured, self-contained content. It can contain a single word, a series of paragraphs, an image, a table, or a video. Components are written in a modular manner without any style dependency. Each component manages its relationships and associations and tracks all its usage and status.

Metadata is what makes a component more efficient. Components also make it easier to publish content to multiple channels.

What are some of the common use cases of a CCMS?

Some of the major use cases of a CCMS are given below:

  • Product/Technical documentation
  • Help & Support Content
  • Datasheets/Data booklet
  • Policies and procedures
  • Long-form marketing content


CMS Vs CCMS
A CMS usually stores content as pages or documents, whereas a CCMS manages content as individual paragraphs and words.
A CCMS helps distribute granular content by enabling reuse of content instead of rewriting or copy/paste.
It supports multi-channel publishing to any output or system while providing content analytics with built-in security.
Translation capabilities are one of the major features of any CCMS.

An example implementation could be a chatbot picking up exact content from a CCMS and providing relevant information to a user based on their query.

What is DITA w.r.t CCMS?
The majority of CCMSs use a structured open standard known as DITA (Darwin Information Typing Architecture). DITA is a specification of document types for authoring and organizing topic-oriented information, as well as a set of mechanisms for combining, extending, and constraining document types.

Other platforms and programs can be easily integrated with a DITA Component Content Management System via REST/API calls.

Adobe's role in the CCMS world

'Adobe Experience Manager Guides', a CCMS from Adobe, provides structured content management for experience-driven documentation. Adobe Experience Manager Guides is an end-to-end solution that is scalable, agile and cloud-native, with the capabilities below.

  • Structured content management - Enables content creation, versioning, translation and reuse, reference management, search and metadata management, and workflow-enabled processes.
  • Web-based content creation, review and collaboration - Creation and migration of any content to DITA with the out-of-the-box ingestion framework via a seamless workflow process.
  • Omnichannel content experiences - Seamlessly delivers content to AEM sites, mobile apps, CRM, IoT, chatbots and other forms.
  • AI-powered documentation - Smart tagging and smart cropping based on Adobe Sensei for faster content discovery and delivery.
  • Native integration with Adobe products - Built-in integration with Adobe Creative Cloud and Adobe Experience Cloud.
  • Cloud enabled - Leverages the Adobe Experience Manager cloud-native capabilities: always current, scalable, secure and global.




Saturday, 7 May 2022

Application security testing within AEM Boundary and Tools

The evolution of AEM from on-prem/AMS to AEM as a Cloud Service has reduced security concerns to a certain extent. But there are still areas an AEM architect should be concerned about when the code moves to production.

Role of Application Security Testing (AST)
Application security is a major consideration when new design techniques are adopted and DevSecOps is in demand. Application Security Testing (AST) tools are available on-premises, in the cloud or as a SaaS offering. The current market comprises AST tools offering core testing capabilities, which can be static, dynamic or interactive, along with various optional, specialized testing capabilities.


A brief overview of the AST techniques is given below.
    
Static AST (SAST): SAST analyzes an application’s source, bytecode or binary code for security vulnerabilities, mainly during the development and testing phases.
   
Dynamic AST (DAST): DAST analyzes applications in their running (dynamic) state during testing, mainly in the operational phases.
DAST simulates attacks on the web application (AEM) and its APIs (within the boundary of the AEM application).
   
Software composition analysis (SCA): SCA is used to identify open-source and, less frequently, commercial components in use within an AEM application. From this, known security vulnerabilities, potential licensing concerns and operational risks can be identified.

Interactive AST (IAST): IAST checks a running application (in the case of AEM, for example, via the Java Virtual Machine [JVM]) and examines its operation to identify vulnerabilities.

Fuzzing: Fuzz testing relies on providing random, malformed or unexpected input to a program to identify potential security vulnerabilities, for example memory leaks, buffer overflows or application crashes.

Mobile AST (MAST): MAST generally uses traditional testing approaches (e.g., SAST and DAST) that have been optimized to support languages and frameworks commonly used to develop mobile and/or Internet of Things (IoT) applications. Since mobile and IoT are technologies related to AEM, we must consider such techniques.
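
The SCA step described above (inventory the components, then match them against known vulnerabilities) can be sketched as follows. This is an added example, not code from the original post or from any AST vendor. It assumes the AEM project is built with Maven, and the component coordinates, versions and advisory ids are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Constructed sample: trimmed pom.xml of a hypothetical AEM bundle module.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><textutils.version>1.4.2</textutils.version></properties>
  <dependencies>
    <dependency><groupId>com.example.libs</groupId><artifactId>text-utils</artifactId>
      <version>${textutils.version}</version></dependency>
    <dependency><groupId>com.example.libs</groupId><artifactId>json-codec</artifactId>
      <version>2.9.0</version></dependency>
    <dependency><groupId>com.example.platform</groupId><artifactId>platform-api</artifactId>
      <version>6.5.0</version><scope>provided</scope></dependency>
  </dependencies>
</project>"""

# Constructed advisory feed: coordinate -> (placeholder advisory id, first fixed version).
ADVISORIES = {
    "com.example.libs:text-utils": ("EXAMPLE-ADVISORY-1", "1.5.0"),
    "com.example.libs:json-codec": ("EXAMPLE-ADVISORY-2", "2.8.1"),
    "com.example.platform:platform-api": ("EXAMPLE-ADVISORY-3", "6.6.0"),
}

def vtuple(version):
    """Numeric dotted versions only; qualifiers such as -SNAPSHOT are out of scope here."""
    return tuple(int(part) for part in version.split("."))

def inventory(pom_xml):
    """Return (coordinate, version, scope) for every dependency declared in the POM."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[1]: (p.text or "") for p in root.findall("m:properties/*", NS)}
    deps = []
    for dep in root.findall("m:dependencies/m:dependency", NS):
        field = {c.tag.split("}")[1]: (c.text or "").strip() for c in dep}
        version = field.get("version", "")
        if version.startswith("${") and version.endswith("}"):
            version = props.get(version[2:-1], version)  # resolve ${property} references
        deps.append((f"{field['groupId']}:{field['artifactId']}", version,
                     field.get("scope", "compile")))
    return deps

def findings(pom_xml):
    """Flag dependencies older than the fixed version; 'provided' ones are not in the package."""
    out = []
    for coord, version, scope in inventory(pom_xml):
        advisory = ADVISORIES.get(coord)
        if advisory and vtuple(version) < vtuple(advisory[1]):
            out.append({"component": coord, "version": version, "advisory": advisory[0],
                        "fixed_in": advisory[1], "shipped": scope != "provided"})
    return out
```

Calling `findings(SAMPLE_POM)` reports the two outdated components and marks only the one that is actually packaged with the application as shipped.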

Some of the market leaders in AST

There are many AST tools available in the market; given below is a set of tools which we came across during our evaluation.
Synopsys, Checkmarx, Veracode, Contrast Security, Invicti and Data Theorem are some of the options which can be considered for application security testing.

Please comment if you have come across any other tools suitable for AEM projects.

Conclusion
Architectural thinking should cover the selection of tools available in the market, the time frame for testing, its frequency, the penetration level, etc.

Tool selection must factor in pricing versus a freemium model, low-code applications, notification/alert strategies, language options, IDE and dashboard support, customer experience, etc.