This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "ColdFusion Security Resources"
(→OWASP Tools) |
m (→OWASP Tools) |
||
| Line 71: | Line 71: | ||
==OWASP Tools== | ==OWASP Tools== | ||
| − | [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=ColdFusion.2FCFML OWASP ESAPI - ColdFusion] The OWASP ESAPI project's ColdFusion distribution. | + | [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=ColdFusion.2FCFML OWASP ESAPI - ColdFusion] The OWASP ESAPI project's ColdFusion distribution.<br> |
| − | [http://code.google.com/p/owasp-esapi-java/ OWASP ESAPI - Java] The OWASP ESAPI project's Java distribution. | + | [http://code.google.com/p/owasp-esapi-java/ OWASP ESAPI - Java] The OWASP ESAPI project's Java distribution.<br> |
| + | <br> | ||
==Static Analysis== | ==Static Analysis== | ||
[https://www.veracode.com/press-releases/veracode-unveils-the-most-complete-cloud-based-application-security-testing-service-for-software-dev-3.html VeraCode] VeraCode is a commercial security testing company whose flagship product can test ColdFusion applications. | [https://www.veracode.com/press-releases/veracode-unveils-the-most-complete-cloud-based-application-security-testing-service-for-software-dev-3.html VeraCode] VeraCode is a commercial security testing company whose flagship product can test ColdFusion applications. | ||
Revision as of 01:25, 23 March 2011
Table of Contents
| Research | References | Tools | Libraries |
| Videos | References | OWASP Tools | 3rd Party Libs |
| White Papers/Presentations | Static Analysis | ||
| Articles | |||
| Example Vulnerabilities | |||
Videos
DeConstructing ColdFusion This BlackHat 2010 video is a presentation by Chris Eng and Brandon Creighton from VeraCode.
Securing ColdFusion Applications Jason Dean and Peleus Uhley present at Adobe Max 2010 on how to create secure ColdFusion applications.
Security: Hiding Information from Individuals Not Authorized to See It Jim Harris present at the ColdFusion Meetup on March 17, 2011.
Security: Washing Your Incoming Data using ColdFusion Jim Harris presents at the ColdFusion Meetup on March 10, 2011.
Security: Practical ColdFusion Security Justin McLean presents at the ColdFusion Meetup on February 24, 2011.
White Papers/Presentations
Deconstructing ColdFusion The slides from Chris Eng's and Brandon Creighton's presentation at BlackHat 2010
References
ColdFusion Security The Adobe Developer Center's section on ColdFusion Security.
ColdFusion 9 Lockdown Guide The Adobe server lockdown guide for ColdFusion 9.
ColdFusion Security Updates The section of the Adobe Security page that lists current ColdFusion security patches.
OWASP Tools
OWASP ESAPI - ColdFusion The OWASP ESAPI project's ColdFusion distribution.
OWASP ESAPI - Java The OWASP ESAPI project's Java distribution.
Static Analysis
VeraCode VeraCode is a commercial security testing company whose flagship product can test ColdFusion applications.
