TeraTech

The ColdFusion Experts: Develop | Secure | Optimize

Fixinator- A New, Powerful Security for Your CFML Code

January 17, 2025 By Michaela Light

Contents

  • What is Fixinator?
  • Continuous Integration
  • Continuous security for your CFML code with Fixinator Webinar with Pete Freitag
    • Here are the slides from Pete's presentation.
    • Related: Secrets of High-Security ColdFusion Code, With Pete Freitag
  • Join the CF Alive revolution

Just recently, I talked with Pete Freitag from Foundeo about ColdFusion security issues and solutions. For those of you that don't already know this, Pete is one of the best CF security experts out there. And, modernizing ColdFusion is just that! Making it more secure, and alive. #ModernizeOrDie was the main motto at Into The Box 2019.

What is Fixinator?

Fixinator is a CFML security code scanner. You give it a directory of code, or even just a single file, and it goes through it looking for security issues. The types of things it finds could be anything from

  • SQL injection vulnerabilities,
  • remote code execution,
  • etc.

Where it finds vulnerabilities, it will automatically fix them. Here's an example:

Say you have a SQL injection vulnerability in a cfquery tag and you run Fixinator. It has a feature called Auto Fix: with autofix=auto, it just fixes it for you without asking you anything. There's a prompt mode too if you want to have more control.
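The class of fix described above, shown as an added example (it is not from the original post and is not Fixinator's own output): a cfquery that interpolates request input, beside parameterized forms using cfqueryparam. The datasource, table, column and variable names are hypothetical.

```cfml
<!--- Constructed example: datasource, table, column and URL parameter names are hypothetical --->

<!--- BEFORE: url.id is interpolated into the SQL text, so the request shapes the statement --->
<cfquery name="getUser" datasource="appDSN">
    SELECT id, email
    FROM users
    WHERE id = #url.id#
</cfquery>

<!--- AFTER: the value is bound as a typed parameter and is never parsed as SQL --->
<cfquery name="getUser" datasource="appDSN">
    SELECT id, email
    FROM users
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- IN (...) lists: list="true" binds each comma-separated element separately --->
<cfquery name="getUsers" datasource="appDSN">
    SELECT id, email
    FROM users
    WHERE id IN (<cfqueryparam value="#url.ids#" cfsqltype="cf_sql_integer" list="true">)
</cfquery>

<!--- Identifiers such as an ORDER BY column cannot be bound as parameters.
      Map the request value onto a fixed allow-list and fall back to a safe default. --->
<cfset allowedSort = { "email": "email", "created": "created_at" }>
<cfset sortKey = structKeyExists(url, "sort") ? lCase(url.sort) : "">
<cfset sortCol = structKeyExists(allowedSort, sortKey) ? allowedSort[sortKey] : "id">
<cfquery name="listUsers" datasource="appDSN">
    SELECT id, email
    FROM users
    ORDER BY #sortCol#
</cfquery>
```

The last case is the kind that benefits from review rather than an unattended fix, since the safe rewrite depends on which columns the application actually allows.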

The second feature is that it looks for all known vulnerabilities, so if you are using an old version of SDK editor that has a file upload ability, it will be able to detect those types of things.

It will also provide a full report on all problems and issues in HTML or PDF format, or even as a JSON file if you want to manipulate it. Additionally, it supports JUnit format as well.

Continuous Integration

You are also able to integrate Fixinator into a continuous integration pipeline, e.g. a GitLab repository, so that any time you commit your code it runs the scan automatically. After you output the report file in JUnit format, it will provide you with a nice overview of all the things it found. This way, it will stop the code from being put into production, because you have a full deployment pipeline set up.

Continuous security for your CFML code with Fixinator Webinar with Pete Freitag

In this webinar, Pete explained how to scan a code base, produce reports, and let Fixinator fix some of the issues it finds. Another takeaway was how to set up Fixinator in a continuous integration workflow, so it runs every time you commit code to the repository, giving you instant, automatic, continuous feedback.

Here are the slides from Pete's presentation.

Pete Freitag has well over a dozen years of experience building web applications with ColdFusion. In 2006 he started Foundeo Inc (foundeo.com), a ColdFusion consulting and products company. Pete helps clients develop and architect custom ColdFusion applications, as well as review and improve the performance and security of existing applications. He has also built several products and services for ColdFusion, including a Web Application Firewall for ColdFusion called FuseGuard (fuseguard.com) and a ColdFusion server security scanning service called HackMyCF (hackmycf.com). Pete holds a BS in Software Engineering from Clarkson University.

Related: Secrets of High-Security ColdFusion Code, With Pete Freitag

 

Join the CF Alive revolution

Discover how we can all make CF more alive, modern and secure this year. Join other ColdFusion developers and managers in the CF Alive Inner Circle today.

  • Get early access to the CF Alive book and videos
  • Be part of a new movement for improving CF's perception in the world.
  • Contribute to the CF Alive revolution
  • Connect with other CF developers and managers
  • There is no cost to membership.

 
