Securing AEM webapps by hacking them

AEM is complex, and securing it can be really tough. Security issues may allow a potential attacker to extract sensitive information or achieve remote code execution. Thus, proper security testing of an AEM webapp by a pentesting/appsec team is vital.

However, there are not many methodologies and tools that security specialists can use in practice. The author performed research, gathered known vulnerabilities and security misconfigurations, and discovered new ones.

He created a testing methodology and an open source automation tool called "AEM hacker toolset". In the talk he will cover the most common and severe security issues specific to AEM webapps, and how to test for them.