TeraTech

The ColdFusion Experts: Develop | Secure | Optimize

Fixinator- A New, Powerful Security for Your CFML Code

May 16, 2019 By Michaela Light

Contents

  • What is Fixinator?
  • Continuous Innovation
  • Continuous security for your CFML code with Fixinator Webinar with Pete Freitag
  • Join the CF Alive revolution

Just recently, I talked with Pete Freitag from Foundeo about ColdFusion security issues and solutions. For those of you that don't already know this, Pete is one of the best CF security experts out there. And, modernizing ColdFusion is just that! Making it more secure, and alive. #ModernizeOrDie was the main motto at Into The Box 2019.

What is Fixinator?

Fixinator is a CFML security code scanner. You give it a directory of code, or even just a single file, and it goes through it looking for security issues. The issues it finds can include:

  • SQL injection vulnerabilities,
  • remote code execution,
  • etc.

For the vulnerabilities it finds, it will automatically fix them. Here's an example:

Say you have a SQL injection vulnerability in a cfquery tag and you run Fixinator. It has a feature called Auto Fix: set autofix=auto and it fixes the issue for you without asking you anything. There's a prompt mode too if you want to have more control.
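The SQL injection case described above, as an added example (not code from Fixinator, Foundeo or the webinar): a cfquery that interpolates request values, next to the parameterized form that is the standard fix for this class. Table, column and variable names are constructed, and whether Auto Fix produces exactly this markup is an assumption.

```cfml
<!--- Added example; table, column and variable names are constructed. --->

<!--- BEFORE: request values are interpolated into the SQL text, so the
      database parses whatever the client sends as part of the statement.
      This is the pattern a scanner flags inside cfquery. --->
<cfquery name="qOrders" datasource="#application.dsn#">
    SELECT order_id, status, total
    FROM orders
    WHERE customer_id = #url.customerId#
      AND status IN (#url.statuses#)
      AND notes LIKE '%#form.search#%'
</cfquery>

<!--- AFTER: every value is bound with cfqueryparam. The value travels as a
      typed parameter and is never parsed as SQL. A non-numeric customerId
      fails the cf_sql_integer check before the query is sent. --->
<cfquery name="qOrders" datasource="#application.dsn#">
    SELECT order_id, status, total
    FROM orders
    WHERE customer_id = <cfqueryparam value="#url.customerId#" cfsqltype="cf_sql_integer">
      <!--- list="true" binds each comma-separated item as its own parameter --->
      AND status IN (<cfqueryparam value="#url.statuses#" cfsqltype="cf_sql_varchar" list="true">)
      <!--- The wildcards are part of the bound value. A % or _ typed by the
            user still acts as a LIKE wildcard; binding stops injection,
            not wildcard matching. --->
      AND notes LIKE <cfqueryparam value="%#form.search#%" cfsqltype="cf_sql_varchar">
</cfquery>
```

Values that cannot be bound, such as a column name in ORDER BY, need an allow-list check instead of cfqueryparam.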

The second feature is that it looks for all known vulnerabilities, so if you are using an old version of SDK editor that has a file upload ability, it will be able to detect those types of things.

It will also provide a full report on all problems and issues in HTML or PDF format, or even as a JSON file if you want to manipulate it. Additionally, it supports JUnit format as well.

Continuous Innovation

You can also integrate Fixinator into a continuous integration pipeline, e.g. a GitLab repository, so that any time you commit your code it runs the scan automatically. When you output the report file in JUnit format, it gives you a nice overview of everything it found. This way, it stops the code from going into production, because you have a full deployment pipeline set up.

Continuous security for your CFML code with Fixinator Webinar with Pete Freitag

In this webinar, Pete explained how to scan a code base, produce reports, and let Fixinator fix some of the issues it finds. Another takeaway was how to set up Fixinator in a continuous integration workflow, so it runs every time you commit code to the repository, giving you instant, automatic, continuous feedback.

Here are the slides from Pete's presentation.

Pete Freitag has well over a dozen years of experience building web applications with ColdFusion. In 2006 he started Foundeo Inc (foundeo.com), a ColdFusion consulting and products company. Pete helps clients develop and architect custom ColdFusion applications, as well as review and improve the performance and security of existing applications. He has also built several products and services for ColdFusion, including a Web Application Firewall for ColdFusion called FuseGuard (fuseguard.com) and a ColdFusion server security scanning service called HackMyCF (hackmycf.com). Pete holds a BS in Software Engineering from Clarkson University.

Related: Secrets of High-Security ColdFusion Code, With Pete Freitag

 

Join the CF Alive revolution

Discover how we can all make CF more alive, modern and secure this year. Join other ColdFusion developers and managers in the CF Alive Inner Circle today.

  • Get early access to the CF Alive book and videos
  • Be part of a new movement for improving CF's perception in the world.
  • Contribute to the CF Alive revolution
  • Connect with other CF developers and managers
  • There is no cost to membership.

 


Filed Under: CFML, ColdFusion, Fixinator, Learn ColdFusion, Security Tagged With: CFML, ColdFusion, Fixinator, Security
