Lesson 8: Secure Your Code: The Andúril of Testing
[CFL2M] How to make code more secure
Note: This content is from our free ColdFusion Legacy 2 Modernization E-Course [CFL2M].
If you want to succeed, you should be running regular security checks on your code.
High-quality code requires a good set of tools. CFLint (formatting), Fixinator (security), and TestBox (testing the code) are three great ones.
In the last email, you got a summary of the first half of this e-course. Now, it’s time to add more CF tools to your repertoire that will make your life as easy as Frodo’s peaceful days in Rivendell.
CFLint is crucial for maintaining consistency in code formatting, making your CFML easier to read, especially when several developers are editing the same codebase.
This helps you spot and fix issues early in the development process, leading to more secure and reliable applications.
Fixinator is great because it specializes in detecting a wide array of security vulnerabilities specific to CFML, such as SQL Injection and XSS, ensuring applications are secure against threats.
It can also automatically find and fix security issues in your CFML code.
TestBox lets you write automated tests for your CF app using a syntax similar to CFScript. You can see “green lights” on all code that passes tests, with “red lights” on failed tests. TestBox integrates seamlessly into CI/CD pipelines for continuous testing.
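The two vulnerability classes named above, SQL injection and XSS, shown as an added CFScript example that is not from the course or from Fixinator: each unsafe pattern sits beside its hardened form. The `users` table, its rows and the function names are constructed for illustration, and a query of queries stands in for a real datasource.

```cfml
<cfscript>
// Constructed in-memory table so the example runs without a datasource.
users = queryNew( "id,name", "integer,varchar", [
    { id: 1, name: "Frodo" },
    { id: 2, name: "<b>Sam</b>" }   // stored value that contains markup
] );

// BEFORE: the request value is concatenated into the SQL text, so the
// caller controls part of the statement itself (SQL injection).
function findUserUnsafe( required string id ) {
    return queryExecute(
        "SELECT id, name FROM users WHERE id = " & arguments.id,
        {},
        { dbtype: "query" }
    );
}

// AFTER: the value is bound as a typed parameter and is never parsed as SQL.
// A non-integer value raises an error instead of reaching the query.
function findUserSafe( required string id ) {
    return queryExecute(
        "SELECT id, name FROM users WHERE id = :id",
        { id: { value: arguments.id, cfsqltype: "cf_sql_integer" } },
        { dbtype: "query" }
    );
}

// BEFORE: a stored value is written into the page unencoded (XSS).
function renderNameUnsafe( required string name ) {
    return "<p>Hello, " & arguments.name & "</p>";
}

// AFTER: encode for the HTML context at the point of output.
function renderNameSafe( required string name ) {
    return "<p>Hello, " & encodeForHTML( arguments.name ) & "</p>";
}

// Hardened path end to end: bound parameter in, encoded value out.
row = findUserSafe( "2" );
writeOutput( renderNameSafe( row.name ) );
</cfscript>
```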
TestBox makes moving to BDD (Behavior Driven Development) best practices easy.
There are alternatives to these 3 options, but these are the popular ones.
Aragorn Action Step: Download and try out one of these tools: CFLint, Fixinator, or TestBox.
These tools are great, but it gets even better!
In the next email, I’ll show you how to automate your CI/CD so you can save even more time and energy, like using the light of Eärendil to guide your path through dark caverns.
Keep up the good work!
Michaela Light, CEO TeraTech