Adobe Experience Manager (AEM) is an enterprise-grade CMS and is quite popular among high-profile companies. There are many bug bounty programs with AEM included in the scope. In the talk, the author will share unique methodology on how to approach AEM weabpps in bug bounty programs. Misconfiguration issues, as well as product vulnerabilities, will be covered in the talk, including newly discovered vulnerabilities. The author will present automation tool called “AEM hacker” for discovering vulnerabilities in AEM webapps.
Every minute that goes by, your unknown vulnerabilities leave you more exposed to cyber attacks.