Saturday, 15 June 2024

Security.txt in AEM

How do security researchers and bug hunters determine whom to contact when they discover vulnerabilities within an organization's system? Without defined reporting channels, researchers may struggle to identify where to report these vulnerabilities, leaving the organization exposed to potential attacks. However, organizations can address this challenge by following CISA's guidance and implementing a straightforward solution: the security.txt file.

Security.txt is a proposed Internet standard, RFC 9116, which concisely advertises an entity’s vulnerability disclosure process. 

Similar to robots.txt, the security.txt file is machine-readable and is typically located on a public-facing webserver, either in the root directory or the "well-known" directory. This file enables security professionals and researchers to promptly identify an organization's preferences for reporting vulnerabilities. It's important to note that each domain and subdomain within an organization's network should have its own security.txt file.

Generally, security.txt files contains below fields,

Mandatory fields:

Contact

How researchers should contact entities to report security vulnerabilities, such as email, phone number, or a web page. Entities should list contact methods by order of preference, with the first being most preferred.

Expires

Date and time after which the data contained in the "security.txt" file is considered stale and should not be used.

 

Optional fields:

 

Encryption

Link to the entity's public key (like OpenPGP) for researchers to encrypt communications with the entity.

Canonical

Canonical URIs where the “security.txt” file is located.

Acknowledgements

Link to a page where security researchers are recognized for their reports and collaboration.

Preferred-Languages

Comma-separated list of natural language in which researchers can submit reports to the entity. If the field is omitted, researchers should assume the preferred language is English. (Communication is key.)

Example (for English, Spanish, and French):

Preferred-Languages: en, es, fr

Policy

Link to the location of the entity’s vulnerability disclosure policy and reporting practices.

Hiring

Link to the entity’s security-related job positions.

CSAF

A link to the provider-metadata.json of your CSAF (Common Security Advisory Framework) provider. Remember to include "https://".

 

You can create a security.txt file in AEM’s content path and have rewrites to enable them. 

Ensure you make it available through inline options

Path: /dispatcher-cloud/src/conf.d/rewrites/

File: rewrite.rules

 

## content-disposition rule for security.txt

<LocationMatch ".*/.well-known/security.txt$">

    ForceType text/plain

    Header set Content-Disposition inline

</LocationMatch>

 

How to renew Adobe certifications through continuous learning activities and passing assessments, or by passing a non-proctored, on-demand job role exam

 

Renewing specific Adobe certifications is simplified through an alternative to the standard proctored exam. By following these steps, you can renew your certificates:

 

1. Engage with Adobe learning tutorials relevant to your certification.

2. Successfully complete three sets of assessments.

3. Obtain your renewed certificates upon completion.

 

Steps given below,

Go to url: https://experienceleague.adobe.com/en/docs/certification/program/technical-certifications/aem/aem-renew

Now login to : https://www.certmetrics.com/adobe#_blank

As part of professional you have below links,

·       Adobe Experience Manager Business Practitioner Professional

·       Adobe Experience Manager Sites Developer Professional

·       Adobe Experience Manager Assets Developer Professional

 

 

 

As part of Expert and Master below certifications are available for renew.

 

 

 


  • Adobe Experience Manager Sites Developer Expert
  • Adobe Experience Manager Sites Business Practitioner Expert
  • Adobe Experience Manager Sites Architect Master
  • Adobe Experience Manager Dev/Ops Engineer Expert
  • Adobe Experience Manager Forms Developer Expert

 

 

Courses and course assessments for Expert and Master:

Courses for Expert and Master

Course Assessment

Moving to Adobe Experience Manager as a Cloud Service

ADR-EA101

Planning Your Move to Adobe Experience Manager as a Cloud Service

ADR-EA102

Introduction to Adobe Experience Manager as a Cloud Service

ADR-EA103

Headless content management using GraphQL APIs

ADR-EA104

Personalize Experiences with Adobe Experience Manager and Adobe Target

ADR-EA105

Integrate Experience Manager Forms Cloud Service with Salesforce

ADR-EA106

Adobe Experience Manager Cloud Manager Skill Builder

ADR-EA107

Adobe Experience Manager Sites for Architects

ADR-EA108

 

 

Steps to renew,

 

·  Step 1: Successfully log in to Adobe Credential Management System, then return to this page

·  Step 2: Study the courses in Experience League

For this click on below url and complete them

 

 

 

Now once the learning sections are completed, go to course assessments

 

 

·  Step 3: Complete the assessment as given below,.

 

 

It will open up non proctored exams.

 

 

 

Once you complete any of the conditions(Below given), your certificates will be updated.

 

Option A:
Choose three courses from the available options and ensure you pass each course assessment with a score of 80% or higher. These assessments are free, on-demand, non-proctored, and allow open-book referencing. You can retake the courses as needed until you achieve the required passing score of 80%.

 

Option B:
Begin by selecting two courses to undertake and ensure you pass each course assessment with a score of 80% or higher. These assessments are free, on-demand, non-proctored, and permit open-book referencing. Repeat the courses if necessary until you achieve the passing score of 80%.