Priority and Severity Ratings According to Adobe
Before we get into what the security problems actually are, we need to understand Adobe's degrees of importance. Adobe breaks down potential threats and security risks into two separate scales.
The priority scale evaluates the risk associated with each vulnerability in question. The priorities are based on a number of factors, including the type of vulnerability, historic attack patterns, and the platforms affected. The scale has three separate levels, each with a recommended timeline for remediation. Adobe's scale is as follows:
- Priority 1:
  - This update resolves ColdFusion vulnerabilities that are being targeted, or are at higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible (within 72 hours).
- Priority 2:
  - This update resolves vulnerabilities in ColdFusion that have historically been at elevated risk. There are currently no known exploits. Based on previous experience, we do not anticipate exploits are imminent. As a best practice, Adobe recommends administrators install the update soon (within 30 days).
- Priority 3:
  - This update resolves vulnerabilities in ColdFusion that have historically not been a target for attackers. Adobe recommends administrators install the update at their discretion.
The Adobe severity scale helps you determine the security impact of each vulnerability. Adobe's three severity ratings are:
- Critical: A ColdFusion vulnerability which, if exploited, would allow malicious native code to execute, potentially without the user being aware.
- Important: A ColdFusion vulnerability which, if exploited, would compromise data security, allowing access to confidential data, or could compromise processing resources on a user's computer.
- Moderate: A ColdFusion vulnerability that is limited to a significant degree by factors such as default configuration or auditing, or that is difficult to exploit.
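The priority windows (72 hours, 30 days, discretionary) and the severity ordering above are only useful if someone tracks which bulletins each server has actually received. The following Python helper is an added example, not code from Adobe or TeraTech: it maps a bulletin's priority rating to its recommended remediation deadline, lists the bulletins a server has not yet applied ordered by priority, then severity, then release date, and flags each one as overdue, due, or discretionary. The `Bulletin` and `Server` classes, the sample bulletin ids, dates and server name are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Recommended remediation window per Adobe priority rating (days after release),
# taken from the priority scale above. Priority 3 has no fixed window
# ("at their discretion"), modelled here as None.
PRIORITY_WINDOW_DAYS = {1: 3, 2: 30, 3: None}

# Adobe severity ratings ordered from most to least severe, used to break ties
# between bulletins of the same priority.
SEVERITY_RANK = {"critical": 0, "important": 1, "moderate": 2}


@dataclass(frozen=True)
class Bulletin:
    """One ColdFusion security update as announced in a bulletin (hypothetical type)."""
    bulletin_id: str   # placeholder ids in the sample data below, not real bulletins
    released: date
    priority: int      # 1, 2 or 3
    severity: str      # "critical", "important" or "moderate"


@dataclass
class Server:
    """A ColdFusion host and the bulletin ids already applied to it (hypothetical type)."""
    name: str
    applied: frozenset


def remediation_deadline(bulletin):
    """Date by which Adobe recommends installing the update, or None for priority 3."""
    window = PRIORITY_WINDOW_DAYS[bulletin.priority]
    if window is None:
        return None
    return bulletin.released + timedelta(days=window)


def classify(bulletin, today):
    """Status of a not-yet-applied bulletin relative to its recommended window."""
    due = remediation_deadline(bulletin)
    if due is None:
        return "discretionary"
    return "overdue" if today > due else "due"


def missing_updates(server, bulletins, today):
    """Bulletins not applied to `server`, most urgent first.

    Each entry is (bulletin_id, status, days_past_deadline). days_past_deadline
    is None for discretionary items and negative while the window is still open.
    """
    pending = [b for b in bulletins if b.bulletin_id not in server.applied]
    pending.sort(key=lambda b: (b.priority, SEVERITY_RANK[b.severity], b.released))
    report = []
    for b in pending:
        due = remediation_deadline(b)
        days = None if due is None else (today - due).days
        report.append((b.bulletin_id, classify(b, today), days))
    return report


# Constructed sample data: ids, dates and the host name are placeholders.
SAMPLE_BULLETINS = [
    Bulletin("EXAMPLE-BULLETIN-A", date(2024, 1, 10), 1, "critical"),
    Bulletin("EXAMPLE-BULLETIN-B", date(2024, 1, 20), 2, "important"),
    Bulletin("EXAMPLE-BULLETIN-C", date(2024, 1, 25), 3, "moderate"),
    Bulletin("EXAMPLE-BULLETIN-D", date(2024, 2, 1), 2, "critical"),
]
SAMPLE_SERVER = Server("cf-app-01", frozenset({"EXAMPLE-BULLETIN-B"}))
SAMPLE_TODAY = date(2024, 2, 5)

if __name__ == "__main__":
    for bulletin_id, status, days in missing_updates(SAMPLE_SERVER, SAMPLE_BULLETINS, SAMPLE_TODAY):
        print(f"{SAMPLE_SERVER.name}: {bulletin_id} is {status} ({days} days past deadline)")
```

Run against the sample data, the Priority 1 bulletin released on 10 January comes out as overdue by 23 days on 5 February, the Priority 2 bulletin released on 1 February is still inside its 30-day window, and the Priority 3 bulletin is reported as discretionary. In practice the bulletin list would be fed from Adobe's published advisories and the applied set from each server's installed hotfix records, and the `overdue` rows are the ones to escalate.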
ColdFusion Security Procedure developed by TeraTech
TeraTech experts can assess your apps and decide whether they are at risk from security threats.
Once risks have been identified, we work on providing the fixes and guidance needed to repair and secure your code.
Actions performed if your system is affected:
- Install the updates provided, after appropriate testing.
- Run all software as a non-privileged user to minimize the effects of an attack.
- Remind users not to visit websites or follow links provided by untrusted sources.
- Educate users about the threats posed by hypertext links contained in emails or attachments, especially those from untrusted sources.
- Apply the Principle of Least Privilege to all systems and services.
TeraTech ColdFusion best practices to deploy when securing your ColdFusion platform:
- Understand Basic ColdFusion
  - This sounds like a no-brainer, but failure to understand your platform can lead to gross amounts of human error. Human error leads to improper coding, and that carries over into security concerns as well.
- Write in Security
  - By writing secure code and implementing security in the design, we minimize the number of successful attacks. If an attack does occur, an extra layer of cryptography or security will minimize its effects.
- Ensure your Security
  - Be careful to maintain proper code design. When coding is complete, use proper security testing to make sure your system is as secure as you believe it is.
- Secure Deployment
  - Along with proper testing, TeraTech experts use security tools that further hamper malicious attacks on your software. Sometimes an extra layer of security will do the trick.
- Verify Code Compliance
  - Compliance standards are set for a reason. Make sure your code meets them before publishing, to catch easily preventable attacks.
- TeraTech Experts Help to Train Yourself and Your Team
  - Cybersecurity is an ever-changing battlefield. Stay up to date on current threats and the countermeasures for them. Continue to train yourself and your team on current standards for software development.
- Update your Platform
  - When ColdFusion releases new security updates, we recommend doing the update. Many web app attacks are easily prevented by keeping your platform updated. There is no need to undergo a full security investigation because of simple complacency. Stay vigilant with your security updates.
- Backup regularly
  - We make sure to perform regular backups of your OS and databases.
The big part of TeraTech's maintenance and prevention tactics is helping you stay current with all ColdFusion updates and new releases. The more up to date and secure your ColdFusion platform is, the more secure your code will be. Maintaining security is the right thing to do for your web apps, clients, and code. If you should ever experience any unlisted security issues with ColdFusion, TeraTech experts will make sure that the problem is addressed immediately in order to secure your application.