With the modernization of Adobe ColdFusion, we are witnessing some major improvements in many fields. Security is just one of many. Auto Lockdown features, Containerization and many more are visible as well. Let’s dive in and see what makes CF modern and reliable. Security: Security concerns are an important part of any programming […]
No-Nonsense November: Ongoing Security Alert for Legacy Coders
I told you so. That’s probably the worst thing someone can say to you. Especially when it comes to security. Many times over, I have preached the importance of staying up to date with the latest security patches and upgrades. This is for one big reason. The bad guys are always one step ahead. As […]
CF Camp 2018: Madness in Munich Part Four- ORM–Love it or Hate it?
Hello and welcome back once again to our series, CF Camp 2018: Madness in Munich! Throughout the series, we have been discussing hot ticket items that will be discussed at this year’s upcoming CF Camp, the only CF conference in Europe. Today, we will be talking about ORM–or Object Relational Mapping. Often dubbed as the […]
Top 5 Security Issues Solved with Adobe ColdFusion 2018
The Conficker Worm of 2008 In 2008, The Conficker worm program (also known as the Downadup worm) replicated itself across computers around the world and is still alive to this day. It turns your computer into a spam machine and monitors your sensitive information through keystroke logging. This info is then sent back to its […]
Everything CF Summit 2018: Securing Mature CFML Codebases
From 2012 to 2013, vulnerable Adobe ColdFusion servers fell under attack by hacktivist group Anonymous, including, allegedly, British hacker Lauri Love. Operation Last Resort, as it was named by Anonymous, affected many government servers including those of NASA, the US Army, and the Federal Reserve. How was all of this achieved? Love and Anonymous employed […]
How One Company Improved Their ColdFusion Security (From Datanapped to Safe)
One day a company much like yours (let’s call them “The Company”) called us to get our help with a serious problem. Someone had hacked into their ColdFusion server and encrypted all of their important data files. Subsequently, The Company received an email asking for $100,000 to decrypt these files. The Company had been […]
ColdFusion Security Hotfix (APSB17-30) Released
Just last week, Adobe released their security updates (APSB17-30) for ColdFusion 2016 and ColdFusion 11. The update was specifically created to fix two critical issues and one important issue. However, take note that ColdFusion 10 and older will be vulnerable to some if not all of the issues. Plus, since the older versions began […]
020 Secrets of High-Security ColdFusion Code, With Pete Freitag
Pete Freitag talks about “Secrets of High-Security ColdFusion Code” in this episode of ColdFusion Alive Podcast with host Michaela Light. Pete is the founder of Foundeo, creator of FuseGuard and HackMyCF and he is a ColdFusion security expert. Episode topics Why should you care about security in your CF code What is the most common misconception […]
Preventing SQL Injection Attacks
SQL Injection can damage your website’s data and spread to other sites in your organization. This article explains how it works and how you can prevent it. Exploited vulnerabilities: A SQL Injection attack relies on someone sending an HTTP request (a web site visitor) being able to add SQL commands to a URL or […]
ColdFusion developer security guidelines
These ColdFusion developer security guidelines from Adobe are cool! And so much code that I review from other (best unnamed) organizations doesn’t follow these simple tips. Check it out at the URL below and make sure that your apps are secure! http://www.adobe.com/devnet/coldfusion/articles/dev_security/coldfusion_security.pdf
