Saturday 15 June 2024

Security.txt in AEM

How do security researchers and bug hunters determine whom to contact when they discover vulnerabilities within an organization's system? Without defined reporting channels, researchers may struggle to identify where to report these vulnerabilities, leaving the organization exposed to potential attacks. However, organizations can address this challenge by following CISA's guidance and implementing a straightforward solution: the security.txt file.

Security.txt is a proposed Internet standard, RFC 9116, which concisely advertises an entity’s vulnerability disclosure process. 

Similar to robots.txt, the security.txt file is machine-readable and is typically located on a public-facing webserver, either in the root directory or the "well-known" directory. This file enables security professionals and researchers to promptly identify an organization's preferences for reporting vulnerabilities. It's important to note that each domain and subdomain within an organization's network should have its own security.txt file.

Generally, security.txt files contains below fields,

Mandatory fields:


How researchers should contact entities to report security vulnerabilities, such as email, phone number, or a web page. Entities should list contact methods by order of preference, with the first being most preferred.


Date and time after which the data contained in the "security.txt" file is considered stale and should not be used.


Optional fields:



Link to the entity's public key (like OpenPGP) for researchers to encrypt communications with the entity.


Canonical URIs where the “security.txt” file is located.


Link to a page where security researchers are recognized for their reports and collaboration.


Comma-separated list of natural language in which researchers can submit reports to the entity. If the field is omitted, researchers should assume the preferred language is English. (Communication is key.)

Example (for English, Spanish, and French):

Preferred-Languages: en, es, fr


Link to the location of the entity’s vulnerability disclosure policy and reporting practices.


Link to the entity’s security-related job positions.


A link to the provider-metadata.json of your CSAF (Common Security Advisory Framework) provider. Remember to include "https://".


You can create a security.txt file in AEM’s content path and have rewrites to enable them. 

Ensure you make it available through inline options

Path: /dispatcher-cloud/src/conf.d/rewrites/

File: rewrite.rules


## content-disposition rule for security.txt

<LocationMatch ".*/.well-known/security.txt$">

    ForceType text/plain

    Header set Content-Disposition inline



How to renew Adobe certifications through continuous learning activities and passing assessments, or by passing a non-proctored, on-demand job role exam


Renewing specific Adobe certifications is simplified through an alternative to the standard proctored exam. By following these steps, you can renew your certificates:


1. Engage with Adobe learning tutorials relevant to your certification.

2. Successfully complete three sets of assessments.

3. Obtain your renewed certificates upon completion.


Steps given below,

Go to url:

Now login to :

As part of professional you have below links,

·       Adobe Experience Manager Business Practitioner Professional

·       Adobe Experience Manager Sites Developer Professional

·       Adobe Experience Manager Assets Developer Professional




As part of Expert and Master below certifications are available for renew.




  • Adobe Experience Manager Sites Developer Expert
  • Adobe Experience Manager Sites Business Practitioner Expert
  • Adobe Experience Manager Sites Architect Master
  • Adobe Experience Manager Dev/Ops Engineer Expert
  • Adobe Experience Manager Forms Developer Expert



Courses and course assessments for Expert and Master:

Courses for Expert and Master

Course Assessment

Moving to Adobe Experience Manager as a Cloud Service


Planning Your Move to Adobe Experience Manager as a Cloud Service


Introduction to Adobe Experience Manager as a Cloud Service


Headless content management using GraphQL APIs


Personalize Experiences with Adobe Experience Manager and Adobe Target


Integrate Experience Manager Forms Cloud Service with Salesforce


Adobe Experience Manager Cloud Manager Skill Builder


Adobe Experience Manager Sites for Architects




Steps to renew,


·  Step 1: Successfully log in to Adobe Credential Management System, then return to this page

·  Step 2: Study the courses in Experience League

For this click on below url and complete them




Now once the learning sections are completed, go to course assessments



·  Step 3: Complete the assessment as given below,.



It will open up non proctored exams.




Once you complete any of the conditions(Below given), your certificates will be updated.


Option A:
Choose three courses from the available options and ensure you pass each course assessment with a score of 80% or higher. These assessments are free, on-demand, non-proctored, and allow open-book referencing. You can retake the courses as needed until you achieve the required passing score of 80%.


Option B:
Begin by selecting two courses to undertake and ensure you pass each course assessment with a score of 80% or higher. These assessments are free, on-demand, non-proctored, and permit open-book referencing. Repeat the courses if necessary until you achieve the passing score of 80%.