Saturday 15 June 2024

Security.txt in AEM

How do security researchers and bug hunters determine whom to contact when they discover vulnerabilities within an organization's system? Without defined reporting channels, researchers may struggle to identify where to report these vulnerabilities, leaving the organization exposed to potential attacks. However, organizations can address this challenge by following CISA's guidance and implementing a straightforward solution: the security.txt file.

Security.txt is a proposed Internet standard, RFC 9116, which concisely advertises an entity’s vulnerability disclosure process. 

Similar to robots.txt, the security.txt file is machine-readable and is typically located on a public-facing webserver, either in the root directory or the "well-known" directory. This file enables security professionals and researchers to promptly identify an organization's preferences for reporting vulnerabilities. It's important to note that each domain and subdomain within an organization's network should have its own security.txt file.

A security.txt file generally contains the following fields:

Mandatory fields:

Contact

How researchers should contact entities to report security vulnerabilities, such as email, phone number, or a web page. Entities should list contact methods by order of preference, with the first being most preferred.

Expires

Date and time after which the data contained in the "security.txt" file is considered stale and should not be used.

Optional fields:

Encryption

Link to the entity's public key (like OpenPGP) for researchers to encrypt communications with the entity.

Canonical

Canonical URIs where the “security.txt” file is located.

Acknowledgements

Link to a page where security researchers are recognized for their reports and collaboration.

Preferred-Languages

Comma-separated list of natural languages in which researchers can submit reports to the entity. If the field is omitted, researchers should assume the preferred language is English. (Communication is key.)

Example (for English, Spanish, and French):

Preferred-Languages: en, es, fr

Policy

Link to the location of the entity’s vulnerability disclosure policy and reporting practices.

Hiring

Link to the entity’s security-related job positions.

CSAF

A link to the provider-metadata.json of your CSAF (Common Security Advisory Framework) provider. Remember to include "https://".
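The fields above can be checked mechanically. The following Python script is an added example, not code from the original post: it parses a security.txt, verifies the mandatory Contact and Expires fields, flags a stale or malformed Expires date, reads Preferred-Languages (defaulting to English), and requires https:// on the link fields. The sample file and its addresses and URLs are constructed placeholders; the "less than a year ahead" check follows RFC 9116's recommendation rather than anything stated on this page.

```python
# RFC 9116 security.txt checker, added as an example (not from the original post).
from datetime import datetime, timedelta

SAMPLE = """# constructed sample security.txt; addresses and URLs are placeholders
Contact: mailto:security@example.com
Contact: https://example.com/report
Expires: 2025-01-01T00:00:00Z
Canonical: https://example.com/.well-known/security.txt
Preferred-Languages: en, es, fr
"""
MANDATORY = ("contact", "expires")
HTTPS_FIELDS = ("encryption", "canonical", "acknowledgements", "policy", "hiring", "csaf")

def parse(text):
    """Map lower-cased field name -> list of values; '#' comments and blank lines are skipped."""
    fields = {}
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def preferred_languages(fields):
    """Languages a report may be written in; English is assumed when the field is absent."""
    return [l.strip() for l in fields.get("preferred-languages", ["en"])[0].split(",") if l.strip()]

def validate(text, now_iso="2024-06-15T00:00:00Z"):
    """Return the problems found (empty list = passes); `now_iso` pins 'today' so runs are repeatable."""
    fields, now = parse(text), datetime.fromisoformat(now_iso.replace("Z", "+00:00"))
    problems = [f"missing mandatory field: {n}" for n in MANDATORY if n not in fields]
    for exp in fields.get("expires", []):
        try:
            when = datetime.fromisoformat(exp.replace("Z", "+00:00"))
        except ValueError:
            problems.append(f"Expires is not an RFC 3339 timestamp: {exp}")
            continue
        if when <= now:  # stale: researchers should not rely on this file any more
            problems.append(f"Expires is in the past: {exp}")
        elif when - now > timedelta(days=365):  # RFC 9116 recommends less than a year ahead
            problems.append(f"Expires is more than a year ahead: {exp}")
    for c in fields.get("contact", []):  # contacts are URIs; web forms must use https
        if not c.startswith(("mailto:", "tel:", "https://")):
            problems.append(f"Contact is not a mailto:/tel:/https: URI: {c}")
    for name in HTTPS_FIELDS:
        problems += [f"{name} must be an https:// URI: {u}" for u in fields.get(name, []) if not u.startswith("https://")]
    return problems
```

Calling `validate(SAMPLE)` returns an empty list; pass the text of your own file (and the current date as `now_iso`) to check it before publishing.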

In AEM, you can create the security.txt file under the content path and add dispatcher rewrite rules so that it is served from the well-known location.

Ensure the file is delivered inline as plain text (displayed in the browser rather than offered as a download) by adding the following rule:

Path: /dispatcher-cloud/src/conf.d/rewrites/

File: rewrite.rules

## content-disposition rule for security.txt
# Match the well-known path (dots escaped so they match literally).
<LocationMatch ".*/\.well-known/security\.txt$">
    # Serve as plain text, as RFC 9116 expects.
    ForceType text/plain
    # Display in the browser instead of triggering a download.
    Header set Content-Disposition inline
</LocationMatch>

How to renew Adobe certifications through continuous learning activities and passing assessments, or by passing a non-proctored, on-demand job role exam

Renewing specific Adobe certifications is simplified through an alternative to the standard proctored exam. By following these steps, you can renew your certificates:

1. Engage with Adobe learning tutorials relevant to your certification.

2. Successfully complete three sets of assessments.

3. Obtain your renewed certificates upon completion.

The detailed steps are given below.

Go to the URL: https://experienceleague.adobe.com/en/docs/certification/program/technical-certifications/aem/aem-renew

Now log in to: https://www.certmetrics.com/adobe

Under the Professional level, the following certifications are listed:

  • Adobe Experience Manager Business Practitioner Professional
  • Adobe Experience Manager Sites Developer Professional
  • Adobe Experience Manager Assets Developer Professional

For the Expert and Master levels, the following certifications are available for renewal:

  • Adobe Experience Manager Sites Developer Expert
  • Adobe Experience Manager Sites Business Practitioner Expert
  • Adobe Experience Manager Sites Architect Master
  • Adobe Experience Manager Dev/Ops Engineer Expert
  • Adobe Experience Manager Forms Developer Expert

Courses and course assessments for Expert and Master:

| Course for Expert and Master                                          | Course Assessment |
| --------------------------------------------------------------------- | ----------------- |
| Moving to Adobe Experience Manager as a Cloud Service                 | ADR-EA101         |
| Planning Your Move to Adobe Experience Manager as a Cloud Service     | ADR-EA102         |
| Introduction to Adobe Experience Manager as a Cloud Service           | ADR-EA103         |
| Headless content management using GraphQL APIs                        | ADR-EA104         |
| Personalize Experiences with Adobe Experience Manager and Adobe Target | ADR-EA105         |
| Integrate Experience Manager Forms Cloud Service with Salesforce      | ADR-EA106         |
| Adobe Experience Manager Cloud Manager Skill Builder                  | ADR-EA107         |
| Adobe Experience Manager Sites for Architects                         | ADR-EA108         |

Steps to renew:

  • Step 1: Log in to the Adobe Credential Management System, then return to the renewal page.

  • Step 2: Study the courses in Experience League.

To do this, click on the URL given below and complete the courses.


Once the learning sections are completed, go to the course assessments.


  • Step 3: Complete the assessment as given below.


This opens the non-proctored exams.


Once you meet either of the conditions given below, your certificates will be updated.

Option A:
Choose three courses from the available options and ensure you pass each course assessment with a score of 80% or higher. These assessments are free, on-demand, non-proctored, and allow open-book referencing. You can retake the courses as needed until you achieve the required passing score of 80%.

Option B:
Begin by selecting two courses to undertake and ensure you pass each course assessment with a score of 80% or higher. These assessments are free, on-demand, non-proctored, and permit open-book referencing. Repeat the courses if necessary until you achieve the passing score of 80%.