Maximize Your Store Security with the Adobe Security Scan Tool: A Comprehensive Guide

The enhanced Adobe Security Scan Tool offers unparalleled monitoring for your Adobe Commerce and Magento Open Source websites, including Progressive Web Apps (PWAs). This free tool is designed to detect known security vulnerabilities and malware, ensuring you stay informed with timely patch updates and crucial security notifications. Protecting your online store is paramount, and the Adobe Security Scan Tool provides the insights and proactive measures necessary to maintain a secure environment for your business and customers.

With the Adobe Security Scan Tool, you can:

• Gain Real-Time Security Insights: Instantly understand the security posture of your online store, identifying potential risks as they arise.
• Receive Best Practice Recommendations: Get actionable, expert-backed suggestions to effectively resolve identified security issues and strengthen your defenses.
• Schedule Automated Security Scans: Customize scan frequency to weekly, daily, or initiate on-demand scans for continuous and flexible monitoring.
• Leverage Extensive Security Testing: Benefit from over 21,000 security tests rigorously designed to pinpoint potential malware and vulnerabilities.
• Access Historical Security Reports: Track your security progress and monitor the effectiveness of your implemented security measures over time with comprehensive historical reports.
• Detailed Scan Reports with Actionable Insights: Review scan reports that clearly outline successful checks and failures, accompanied by recommended actions to remediate any identified issues.

The Adobe Security Scan Tool is readily accessible at no cost through your Commerce/Magento account dashboard, underlining Adobe’s commitment to providing robust security for its platform users. For in-depth technical information and setup guidance, refer to the Set up the Security Scan Tool section within the Commerce on Cloud Infrastructure Guide.

Step-by-Step Guide: Running an Adobe Security Scan

Securing your online store with the Adobe Security Scan Tool is a straightforward process. Follow these steps to initiate and configure security scans for your websites:

1. Access the Security Scan Tool: Begin by navigating to the Commerce home page and logging into your Commerce/Magento account.

2. Accept Terms and Conditions: Locate the Security Scan option in the left-hand panel and click Go to Security Scan. Before proceeding, carefully review the Terms and Conditions and click Agree to accept them.

3. Add Your Website for Monitoring: On the Monitored Websites page, click the +Add Site button. It’s important to configure a separate scan for each of your sites if you operate multiple domains to ensure comprehensive security coverage.

4. Verify Domain Ownership: To confirm you own the site domain, you’ll need to add a confirmation code. Choose the method appropriate for your storefront type:

   For Adobe Commerce Storefront:

   • Enter your Site URL and a descriptive Site Name.

   • Click Generate Confirmation Code.

   • Click Copy to copy the generated confirmation code to your clipboard.

   • Access your store’s Admin panel as a user with full administrator privileges.

   • Navigate to Content > Design > Configuration.

   • Find your website in the list and click Edit.

   • Expand the HTML Head section.

   • Scroll to Scripts and Style Sheets, click in the text box after any existing code, and paste the confirmation code.

   • Click Save Configuration to apply the changes.

   For PWA Storefront:

   • Enter your Site URL and Site Name.

   • For Confirmation Code, select the META Tag option and click Generate Code.

   • Click Copy to copy the generated META Tag confirmation code.

   • Go to your PWA Studio storefront project directory.

   • Navigate to packages > venia-concept > template.html.

   • Add the copied META Tag confirmation code to the HTML head section and save the file.

   • In your PWA Studio CLI, run yarn install && yarn build to install dependencies and build the project.

   yarn install && yarn build

   • In your Cloud project, create a pwa folder and copy the contents of your storefront project’s dist folder into it.

   mkdir pwa && cp -r <path to your storefront project>/dist/* pwa

   • Use Git to stage, commit, and push these changes to your Cloud project.

   git add . && git commit -m "Added storefront file bundles" && git push origin

5. Verify Confirmation Code: Return to the Security Scan page in your Commerce account and click Verify Confirmation Code to finalize domain ownership verification.

6. Configure Automatic Security Scans: Set up the Set Automatic Security Scan options to schedule regular scans. You can choose between:

   Scan Weekly (Recommended):

   • Select the Week Day, Time, and Time Zone for your weekly scan. The default is Saturday midnight UTC.

   Scan Daily:

   • Choose the Time and Time Zone for your daily scan. The default is midnight UTC.

7. Enter Notification Email: Provide the Email Address where you wish to receive notifications regarding completed scans and security updates, ensuring you stay promptly informed about your store’s security status.

8. Submit Configuration: Click Submit to finalize the setup. Once domain ownership is confirmed, your site will be listed on the Monitored Websites page within your Commerce account.

9. Repeat for Multiple Websites: If you manage multiple websites with different domains, repeat this entire process to configure the Adobe Security Scan Tool for each, ensuring comprehensive protection across your online portfolio.

By following these steps, you can effectively utilize the Adobe Security Scan Tool to proactively monitor and enhance the security of your Adobe Commerce and Magento Open Source stores, safeguarding your business and customer data.