TeraTech

The ColdFusion Experts: Develop | Secure | Optimize

020 Secrets of High-Security ColdFusion Code, With Pete Freitag

May 2, 2017 By Michaela Light


Pete Freitag talks about “Secrets of High-Security ColdFusion Code” in this episode of ColdFusion Alive Podcast with host Michaela Light.

Pete is the founder of Foundeo, the creator of FuseGuard and HackMyCF, and a ColdFusion security expert.

Contents

  • Episode topics
  • Mentioned in this episode
  • Speaker details
  • Links
  • Interview transcript

Episode topics

  • Why should you care about security in your CF code
  • What is the most common misconception about website security
  • How long does it typically take between being hacked and discovering the hack
  • How to get started securing your CF code
  • Are some versions of CF more secure than others and why?
  • Why the evaluate() and iif() functions may be the windows hackers enter your site through
  • How File Uploads can let the bad guys in
  • Why storing API keys in your code is a terrible idea
  • ColdFusion Session hijacking
  • Isn’t it a bad idea to document security holes on the public web?
  • How does CF security compare to Ruby on Rails, PHP, Java and other programming languages
  • What other ways do hackers get into CF servers?
    • IIS
    • SQL Server
    • Windows
    • Social engineering
  • What about modern SSL
  • Tell us why someone should be using FuseGuard and HackMyCF
  • Why are you proud to use CF?
  • WWIT for you to make CF more alive this year?
  • What are you looking forward to at Into The Box?

Securing a large code base against vulnerabilities can be an overwhelming and time-consuming task. Many developers don't know where to start, and never do. This session will arm you with an approach to slaying those legacy security vulnerabilities in your CFML code. You will also learn about several vulnerabilities and things to look out for as you develop new code.

Mentioned in this episode

  • FuseGuard
  • HackMyCF
  • HTTP vs HTTPS

And to continue learning how to make your ColdFusion apps more modern and alive, I encourage you to download our free ColdFusion Alive Best Practices Checklist.

Because… perhaps you are responsible for a mission-critical or revenue-generating CF application that you don’t trust 100%, where implementing new features is a painful ad-hoc process with slow turnaround even for simple requests.

What if you have no contingency plan for a sudden developer departure or a server outage? Perhaps every time a new freelancer works on your site, something breaks. Or your application availability, security, and reliability are poor.

And if you are depending on ColdFusion for your job, then you can’t afford to let your CF development methods die on the vine.

You’re making a high-stakes bet that everything is going to be OK using the same old app creation ways in that one language — forever.

All it would take is for your fellow CF developer to quit or for your CIO to decide to leave the (falsely) perceived sinking ship of CFML and you could lose everything—your project, your hard-won CF skills, and possibly even your job.

Luckily, there are a number of simple, logical steps you can take now to protect yourself from these obvious risks.

No Brainer ColdFusion Best Practices to Ensure You Thrive No Matter What Happens Next

ColdFusion Alive Best Practices Checklist

Modern ColdFusion development best practices that reduce stress, inefficiency, project lifecycle costs while simultaneously increasing project velocity and innovation.

√ Easily create a consistent server architecture across development, testing, and production

√ A modern test environment to prevent bugs from spreading

√ Automated continuous integration tools that work well with CF

√ A portable development environment baked into your codebase… for free!

Learn about these and many more strategies in our free ColdFusion Alive Best Practices Checklist.

http://traffic.libsyn.com/coldfusionalive/Freitag_final.mp3

Speaker details

Pete Freitag has well over a dozen years of experience building web applications with ColdFusion. In 2006 he started Foundeo Inc (foundeo.com), a ColdFusion consulting and products company. Pete helps clients develop and architect custom ColdFusion applications, as well as review and improve the performance and security of existing applications. He has also built several products and services for ColdFusion including a Web Application Firewall for ColdFusion called FuseGuard (fuseguard.com) and a ColdFusion server security scanning service called HackMyCF (hackmycf.com). Pete holds a BS in Software Engineering from Clarkson University.

Links

  • Foundeo
  • Twitter
  • Blog

(* WWIT = What Would It Take)

Interview transcript

Michael: Welcome back to the show. I'm here with Pete Frietag, or Freitag. How do you say your name, Pete?

Pete: In German, I mean, it's Freitag, so probably if you want to go with that pronunciation, it'd be Freitag.

Michael: Freitag. In America, we say …

Pete: You say Freitag.

Michael: Freitag. All right. He's the founder of Foundeo, that sounds very whatever, founder of Foundeo. He is a ColdFusion security expert. He's the creator of FuseGuard and HackMyCF. Not surprising to me, we're gonna be talking about secrets of high security ColdFusion code today on the CF Alive podcast. We're alive here at Into the Box, which is why we're on the same piece of video real estate here. Coming up in this episode, we're going to be looking at why you should even care about securing your ColdFusion code, and what the common misconception is about website security. How long does it typically take between a site being hacked and discovering the hack? How you should get started securing your CF code, and are some versions of ColdFusion more [inaudible 00:01:11] than others, and why is that the case.

Filed Under: CF Alive Podcast, IntoTheBox Conference, Security

TeraTech Inc
451 Hungerford Drive Suite 119
Rockville, MD 20850

Tel : +1 (301) 424 3903
Fax: +1 (301) 762 8185

Copyright © 1998–2021 TeraTech Inc. All rights Reserved.