ColdFusion Security

TeraTech ColdFusion experts have decades of combined experience in CF security.

Together with our in-depth knowledge of ColdFusion security audits, we can help keep your applications and data secured better than most in-house software teams.

ColdFusion Security Problem Identification and Fix

Typical engagements involve highly aggressive time constraints to get business-critical systems running smoothly. Building on our consulting infrastructure and vast experience, we’re able to offer the fastest route to identifying and solving your problems.

Our engineers work flexibly and adapt quickly to fit your requirements. Whether you need a quick fix for your problem or prefer our ColdFusion experts to step in fully and resolve your issues autonomously, we can help.

Our ColdFusion experts are cross-technology trained & certified.

As your business grows, there are obstacles along the way. We at TeraTech want to make sure that your ColdFusion app is updated and secure.

To show you exactly what TeraTech has done for others, and how we can provide similar CF solutions for your organization, we’ve added some recent case studies below. Of course, all organizations and companies are different, but we want to make it clear that we give every one of our clients the same “white glove treatment” we provided for these organizations.

Priority and Severity Ratings According to Adobe

Before we get into what the security problems actually are, we need to understand Adobe’s degrees of importance. Adobe breaks down potential threats and security risks into two separate scales.

Priority Scale

The priority scale evaluates the risk associated with each vulnerability in question. The priorities are based on a number of factors including types of vulnerabilities, historic attack patterns, and platforms affected. The scale has 3 separate levels with recommended timelines for remedy. Adobe’s scale is as follows:

  • Priority 1:
    • This update resolves ColdFusion vulnerabilities that are being targeted, or that have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible (within 72 hours).
  • Priority 2:
    • This update resolves vulnerabilities in ColdFusion that have historically been at elevated risk. There are currently no known exploits. Based on previous experience, we do not anticipate exploits are imminent. As a best practice, Adobe recommends administrators install the update soon (within 30 days).
  • Priority 3:
    • This update resolves vulnerabilities in CF that has historically not been a target for attackers. Adobe recommends administrators install the update at their discretion.

Severity Scale

The Adobe severity scale helps you determine the security impact of each vulnerability.

  • Critical:
    • A CF vulnerability which, if exploited, would allow malicious native code to execute without a user being aware.
  • Important:
    • A CF vulnerability which, if exploited, would compromise data security. This allows access to confidential data, or could compromise processing resources in a user's computer.
  • Moderate:
    • A CF vulnerability that is limited to a significant degree by factors such as default configuration or auditing, or that is difficult to exploit.

TeraTech ColdFusion Best Practices to deploy when securing your ColdFusion platform:

  • Understand Basic ColdFusion
    • This sounds like a no-brainer, but failure to understand your platform can lead to gross amounts of human error. Human error can lead to an obscene degree of improper coding and that carries over to security concerns as well.
  • Write in Security
    • By writing secure code and implementing security in the design, we minimize the number of attacks. However, if an attack does occur, an extra level of cryptography or security will minimize its effects.
  • Ensure your Security
    • Be careful to maintain proper code design. When coding is complete, be sure to use proper security testing to make sure your system is as secure as you believe it is.
  • Secure Deployment
    • Along with proper testing, TeraTech experts use security tools that will further hamper malicious attacks on your software. Sometimes, an extra layer of security will do the trick.
  • Verify Code Compliance
    • Compliance standards are set for a reason. Make sure your code is up to snuff when publishing to catch easily preventable attacks.
  • TeraTech Experts Help to Train Yourself and Your Team
    • Cybersecurity is an ever-changing battlefield. Stay up-to-date on current threats and the countermeasures for them. Continue to train yourself and your team on the current standards for software development.
  • Update your Platform
    • When new ColdFusion security updates are released, we recommend applying them. Many web app attacks are easily prevented by keeping your platform updated. There is no need to undergo full security troubleshooting because of simple complacency. Stay vigilant with your security updates.
  • Backup regularly
    • We make sure to perform regular backups of your OS and databases.

A big part of TeraTech's maintenance and prevention tactics is helping you stay current with all ColdFusion updates and new releases. The more updated and secure your ColdFusion platform is, the more secure your code will be. Maintaining security is the right thing to do for your web apps, clients, and code. If you ever experience any unlisted security issues with ColdFusion, TeraTech experts will make sure that the problem is addressed immediately in order to secure your application.

ColdFusion Security Procedure developed by TeraTech

TeraTech experts can assess your apps and decide if they are at risk from security threats.

Once risks have been identified, we work on providing the fixes and solutions to repair and secure your code.

Actions performed if your system is affected:

  1. Install the updates provided after appropriate testing.
  2. Run all software as a non-privileged user to minimize the effects of an attack.
  3. Remind users not to visit websites or follow links provided by untrusted sources.
  4. Educate users about the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
  5. Apply the Principle of Least Privilege to all systems and services.

TeraTech Testimonials

"What you can learn about yourself and your own code from folks who know what they're doing, like the people at TeraTech, is only going to help you improve your product; improve your code by understanding what you can do better.

You might learn something!

Or by finding one of those bugs that really would have bit you and may have been a career-limiting event. So don't take the help of others for granted.

Two moments that were very encouraging about the working time with TeraTech. The first moment was right at the beginning when there was a Basecamp site set up and I saw that there was going to be good communication and project management pools you right from the start. That gives me a lot of confidence that the people I'm working with are going to be right on top of all the communication, keep track of all the details that I won't have to worry about. Having a good, robust, established communication method for your team to all work together and work with me directly was an Aha moment that this is, this process is going to go well.

Number two was seeing the deliverable document or the draft, the first draft of the deliverable document at the end of the project. I've certainly worked with enough people in the past. You have gotten an email or a form Word document or PDF where the company name is filled in and that's always discouraging to me 'cause I don't like the work product that I'm paying, you know, if the money of our students in our institution to go to a form with some checkboxes and the work product from TeraTech was, was fantastic. It was not only a full set of test results that was sort of in that form format, but also, very well detailed question and answer and concern points and compliance and best practice points that weren't form. This is how it could impact your business or how effective are secure your application as this is the problem or these are the problems where you're straying from best practice or potential security concerns. And that was important to me to see that the project really focused on us as a customer individually and not as a, here we've done our standard thing, we filled in the blanks and there's your work product. I felt very good about the value product that TeraTech provided."

Brad Metzler
Sr. Network Engineer
Concordia University

ColdFusion Security Audit and Code Review

ColdFusion Security Solutions by TeraTech

Perhaps your app was written in ColdFusion over many years (decades even!), and you have concerns about best practices and the security of the code and server.

Here is what a TeraTech Security Audit will deliver

  • A written security audit report that identifies high, medium and low-risk issues and suggested mitigations
  • CF code issues and how to remediate them
  • CF Server config issues and how to remediate them
  • All security changes to code and server config will be given to you in a report, so you can learn and improve your CF.
  • Optionally, we can make the changes to your server and code, or you can make them yourself.