Secure CQ is a tool which can be used to find the most popular security problems in your CQ instance. It tests both instances (author, publish) and also the dispatcher, as some resources should be restricted in the cache configuration. It checks:
if the default passwords are changed,
if there are no unnecessary protocols enabled after being published,
if the the administrator console access is disabled,
if content-grabbing selectors are restricted on the dispatcher,
Each test contains a description and the More info link which references the external site to additional information about a given security flaw.