TeraTech

The ColdFusion Experts: Develop | Secure | Optimize

No-Nonsense November: ColdFusion Security Breakdown

November 2, 2018 By Michaela Light

Contents

  • Adobe ColdFusion 2018 Security Improvements
  • But, why is security just so important?
  • Legacy Code: Old Paths or Open Gateways?
  • What else can I do?
  • Hire a ColdFusion Expert to Protect your Valuables

With the recent British Airways data breach losing 380,000 credit card details, our age-old adage has been proven: no system is 100% secure.

This is why the team here at TeraTech has dubbed November “No-Nonsense November”. We will be turning our attention to making sure that your ColdFusion systems are as secure as they can be. Furthermore, I will be giving you some tips from industry security leaders to better secure your servers.

Every day, new security vulnerabilities are found in all of our favorite programming languages. CFML is no exception. This is why both Adobe and Lucee release regular hotfixes to address them. Not upgrading your platform can be downright foolish. Check to make sure all your servers are up to date! Sometimes, security issues get reported that could easily have been avoided by staying updated.

DON’T BE THAT GUY.

Speaking of new updates to security…

Adobe ColdFusion 2018 Security Improvements

The release of CF 2018 takes security to a whole new level. Now, you can automatically scan your application code for existing security vulnerabilities and potential security breaches. ColdFusion will then determine the exact vulnerable code, the type of vulnerability, and its severity level. Finally, the improved analyzer presents you with the option of removing and repairing the problem via recommended means. Automated security? Sign me up.

On top of that, ColdFusion 2018 offers an automated server lockdown feature. No more fumbling through disorganized manuals and procedures to secure your servers. With the simple click of a button, Adobe does it all for you.

To learn more about what Adobe ColdFusion 2018 has to offer, check out this article: Adobe ColdFusion 2018: Step into the Aether.

But, why is security just so important?

Funny you should ask that. But for those of you who still don’t grasp the magnitude of the issue…

These are some of the problems you can experience with an insecure ColdFusion server:

  • After a breach, personnel job security goes into rapid decline.
  • If you are datanapped, monetary demands may be excessively high.
  • Your customers’ sensitive data could be posted on the Darknet for scamming purposes.
  • If news of the breach goes public, company PR will be damaged.
  • The scope of the problem may be far greater than one particular system.
  • Your CF site slows/crashes due to hackers using the server for spam email sending.

This is just the tip of the iceberg. There are literally hundreds–if not thousands–of reasons why you should maintain maximum security for your CFML platform.

Related: How One Company Improved Their ColdFusion Security (From Datanapped to Safe)

Legacy Code: Old Paths or Open Gateways?

“So my system is outdated, and it runs on legacy code… What’s the big deal? Nobody wants to access my system anyway.”

Sigh. You may be the biggest target out there.

Unused old code and even whole directories of deadwood not only create maintenance confusion, but they are also a major security risk. Often, the older code is less securely written.

In my experience, hackers often penetrate a CF server via deadwood code. Solution?

Clear up your CF deadwood code. Just check out some of the advantages of doing so.

  • Easier Maintenance – Simple and clean code structures help make everyday tasks a breeze.
  • Rapid Deployment – Everyone wants to deploy changes and make future requirement changes to your application quickly and easily. When your code is solid, nothing is keeping you from making quick work of your tasks.
  • Fewer Bugs – Finding and fixing bugs will be much easier. You’ll think you found your virtual can of insect spray!
  • Modern, Responsive Front-End – Your app can now work on both mobile and desktop browsers seamlessly.
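One way to start the deadwood cleanup described above is to list CFML files that no logged request ever targeted. This is an added example, not TeraTech's code; it assumes a combined-format access log and URL paths that map directly onto the webroot, and the function names and sample data are constructed for illustration.

```python
import os
import re
import tempfile

CFML_EXT = (".cfm", ".cfml", ".cfc")
# Run implicitly by the CFML engine, so they never appear as request targets.
IMPLICIT = {"application.cfc", "application.cfm", "onrequestend.cfm"}
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/')  # request line in a log entry
TEMPLATE_RE = re.compile(r"(.*?\.(?:cfm|cfml|cfc))(?:/|$)")  # template + path-info

def requested_templates(log_lines):
    """URL paths (lower-cased) of CFML templates that appear as request targets."""
    seen = set()
    for line in log_lines:
        req = REQUEST_RE.search(line)
        if req:
            path = req.group(1).split("?", 1)[0].lower()
            tpl = TEMPLATE_RE.match(path)  # /index.cfm/products/7 -> /index.cfm
            if tpl:
                seen.add(tpl.group(1))
    return seen

def deadwood_candidates(webroot, log_lines):
    """CFML files under webroot that no logged request ever targeted."""
    served = requested_templates(log_lines)
    found = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            low = name.lower()
            if low.endswith(CFML_EXT) and low not in IMPLICIT:
                rel = os.path.relpath(os.path.join(dirpath, name), webroot)
                # Assumption: case-insensitive URL-to-file matching.
                url = "/" + rel.replace(os.sep, "/").lower()
                if url not in served:
                    found.append(url)
    return sorted(found)

def demo():
    # Constructed sample: a throwaway webroot plus three constructed log lines.
    log = ['203.0.113.5 - - [02/Nov/2018:10:00:01 +0000] "GET /index.cfm/products/7 HTTP/1.1" 200 5120',
           '203.0.113.5 - - [02/Nov/2018:10:00:04 +0000] "POST /api/orders.cfc?method=list HTTP/1.1" 200 812',
           '203.0.113.9 - - [02/Nov/2018:10:02:11 +0000] "GET /css/site.css HTTP/1.1" 200 2048']
    files = ["index.cfm", "Application.cfc", "api/orders.cfc", "admin/old_upload.cfm", "legacy/report2009.cfm"]
    with tempfile.TemporaryDirectory() as root:
        for rel in files:
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        return deadwood_candidates(root, log)
```

Files pulled in through includes or instantiated as components never show up in an access log, so treat the output as candidates to review against the codebase, not as a delete list. Feed it logs covering a long enough window to catch monthly or yearly jobs.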

But how do you move from that legacy hell to a heaven of modern CFML with easier maintenance and deployment, fewer bugs, and streamlined code?

Join Nolan Erck and me as we dive into that answer on the CF Alive podcast: 059 Migrating legacy CFML to MVC (Model View Controller) with Nolan Erck

What else can I do?

I recommend learning from one of the security gurus of modern ColdFusion. One individual in particular stands out:

Pete Freitag.

As the creator of Foundeo.com, he has developed several programs designed specifically for maximizing protection for your CFML. I have had the golden opportunity to interview him on multiple occasions about security topics.

Related: Secrets of High-Security ColdFusion Code with Pete Freitag, to get the scoop on all things CFML security.

Hire a ColdFusion Expert to Protect your Valuables

Hiring a professional is always THE BEST THING to do if you don’t have one in-house.

Be sure to check out this article on the blog to help you make the right decisions when it comes to your hiring.

Related: How to Hire a ColdFusion Software Development Company without Freaking Out (9 best practices)

In conclusion, your CFML security is nothing to joke around about. You should strive for maximum security and coverage of your servers, applications, and platform. Don’t be the one who gets attacked and comes asking why. I’d hate to say “I told you so.”

And to continue learning how to make your ColdFusion apps more modern and alive, I encourage you to download our free ColdFusion Alive Best Practices Checklist.

Because… perhaps you are responsible for a mission-critical or revenue-generating CF application that you don’t trust 100%, where implementing new features is a painful ad-hoc process with slow turnaround even for simple requests.

What if you have no contingency plan for a sudden developer departure or a server outage? Perhaps every time a new freelancer works on your site, something breaks. Or your application availability, security, and reliability are poor.

And if you are depending on ColdFusion for your job, then you can’t afford to let your CF development methods die on the vine.

You’re making a high-stakes bet that everything is going to be OK using the same old app creation ways in that one language — forever.

All it would take is for your fellow CF developer to quit or for your CIO to decide to leave the (falsely) perceived sinking ship of CFML and you could lose everything—your project, your hard-won CF skills, and possibly even your job.

Luckily, there are a number of simple, logical steps you can take now to protect yourself from these obvious risks.

No Brainer ColdFusion Best Practices to Ensure You Thrive No Matter What Happens Next

ColdFusion Alive Best Practices Checklist

Modern ColdFusion development best practices that reduce stress, inefficiency, and project lifecycle costs while simultaneously increasing project velocity and innovation.

√ Easily create a consistent server architecture across development, testing, and production

√ A modern test environment to prevent bugs from spreading

√ Automated continuous integration tools that work well with CF

√ A portable development environment baked into your codebase… for free!

 

Learn about these and many more strategies in our free ColdFusion Alive Best Practices Checklist.
