TeraTech

The ColdFusion Experts: Develop | Secure | Optimize


Fixinator- A New, Powerful Security for Your CFML Code

May 16, 2019 By Michaela Light

Contents

  • What is Fixinator?
  • Continuous Innovation
  • Continuous security for your CFML code with Fixinator Webinar with Pete Freitag
  • Join the CF Alive revolution

Just recently, I talked with Pete Freitag from Foundeo about ColdFusion security issues and solutions. For those of you who don't already know, Pete is one of the best CF security experts out there. And modernizing ColdFusion is just that: making it more secure and alive. #ModernizeOrDie was the main motto at Into The Box 2019.

What is Fixinator?

Fixinator is a CFML security code scanner. You give it a directory of code, or even just a single file, and it goes through it looking for security issues. The types of things it finds include:

  • SQL injection vulnerabilities,
  • remote code execution,
  • etc.

It can automatically fix the vulnerabilities it finds. Here's an example:

Say you have an SQL injection vulnerability in a CF query tag and you run Fixinator. It has a feature called Auto Fix; with auto fix=auto it just fixes the issue for you without asking you anything. There's a prompt mode too if you want more control.
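To show what this kind of fix looks like in a cfquery tag, here is an added example (not from the original post and not Fixinator's own output) with an injectable query beside its parameterized form. The users table, its columns, application.dsn and the request parameter names are hypothetical.

```cfml
<!--- Added example; table, columns, datasource and parameter names are hypothetical. --->

<!--- BEFORE: request values are interpolated straight into the SQL text,
      so whatever the client sends is parsed by the database as SQL. --->
<cfquery name="qUsers" datasource="#application.dsn#">
    SELECT id, username, email
    FROM users
    WHERE id = #url.id#
       OR role_id IN (#url.roleIds#)
       OR username LIKE '%#form.search#%'
</cfquery>

<!--- AFTER: each value is bound with cfqueryparam. The driver sends it as
      typed data, and a value that does not match cfsqltype raises an error
      instead of reaching the database. --->
<cfquery name="qUsers" datasource="#application.dsn#">
    SELECT id, username, email
    FROM users
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
       OR role_id IN (<cfqueryparam value="#url.roleIds#" cfsqltype="cf_sql_integer" list="true">)
       OR username LIKE <cfqueryparam value="%#form.search#%" cfsqltype="cf_sql_varchar">
</cfquery>

<!--- Identifiers such as an ORDER BY column cannot be bound as parameters.
      Map the request value onto a fixed allowlist instead. --->
<cfparam name="url.sort" default="username">
<cfset allowedSort = "id,username,email">
<cfset sortCol = listFindNoCase(allowedSort, url.sort) ? lCase(url.sort) : "username">

<cfquery name="qSorted" datasource="#application.dsn#">
    SELECT id, username, email
    FROM users
    ORDER BY #sortCol#
</cfquery>
```

The ORDER BY case is the kind of finding that needs a manual review even when a value-binding fix is applied elsewhere, because the fix is an allowlist rather than a cfqueryparam.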

The second feature is that it looks for all known vulnerabilities, so if you are using an old version of SDK editor that has a file upload ability, it will be able to detect those types of things.

It will also provide a full report on all problems and issues in HTML or PDF format, or even a JSON file if you want to manipulate it. Additionally, it supports JUnit format as well.

Continuous Innovation

You can also integrate Fixinator into a continuous integration pipeline, e.g. a GitLab repository, so that any time you commit your code it runs the scan automatically. When you output the report file in JUnit format, it gives you a nice overview of everything it found. This way, it can stop the code from being put into production, because you have a full deployment pipeline set up.

Continuous security for your CFML code with Fixinator Webinar with Pete Freitag

In this webinar, Pete explained how to scan a code base, produce reports, and let Fixinator fix some of the issues it finds. Another takeaway was how to set up Fixinator in a continuous integration workflow, so it runs every time you commit code to the repository, giving you instant, automatic, continuous feedback.

Here are the slides from Pete's presentation.

Pete Freitag has well over a dozen years of experience building web applications with ColdFusion. In 2006 he started Foundeo Inc (foundeo.com), a ColdFusion consulting and products company. Pete helps clients develop and architect custom ColdFusion applications, as well as review and improve the performance and security of existing applications. He has also built several products and services for ColdFusion, including a Web Application Firewall for ColdFusion called FuseGuard (fuseguard.com) and a ColdFusion server security scanning service called HackMyCF (hackmycf.com). Pete holds a BS in Software Engineering from Clarkson University.

Related: Secrets of High-Security ColdFusion Code, With Pete Freitag

 

Join the CF Alive revolution

Discover how we can all make CF more alive, modern and secure this year. Join other ColdFusion developers and managers in the CF Alive Inner Circle today.

  • Get early access to the CF Alive book and videos
  • Be part of a new movement for improving CF's perception in the world.
  • Contribute to the CF Alive revolution
  • Connect with other CF developers and managers
  • There is no cost to membership.

 


Filed Under: CFML, ColdFusion, Fixinator, Learn ColdFusion, Security Tagged With: CFML, ColdFusion, Fixinator, Security


Copyright © 1998–2021 TeraTech Inc. All rights Reserved.