This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "ColdFusion Security Resources"
m (→References) |
m (→References) |
||
| Line 69: | Line 69: | ||
[http://www.adobe.com/products/coldfusion/whitepapers/pdf/91025512_cf9_lockdownguide_wp_ue.pdf ColdFusion 9 Lockdown Guide] The Adobe server lockdown guide for ColdFusion 9.<br> | [http://www.adobe.com/products/coldfusion/whitepapers/pdf/91025512_cf9_lockdownguide_wp_ue.pdf ColdFusion 9 Lockdown Guide] The Adobe server lockdown guide for ColdFusion 9.<br> | ||
[http://www.adobe.com/support/security/#coldfusion ColdFusion Security Updates] The section of the Adobe Security page that lists current ColdFusion security patches.<br> | [http://www.adobe.com/support/security/#coldfusion ColdFusion Security Updates] The section of the Adobe Security page that lists current ColdFusion security patches.<br> | ||
| + | <br> | ||
==OWASP Tools== | ==OWASP Tools== | ||
Revision as of 01:26, 23 March 2011
Table of Contents
| Research | References | Tools | Libraries |
| Videos | References | OWASP Tools | 3rd Party Libs |
| White Papers/Presentations | Static Analysis | ||
| Articles | |||
| Example Vulnerabilities | |||
Videos
DeConstructing ColdFusion This BlackHat 2010 video is a presentation by Chris Eng and Brandon Creighton from VeraCode.
Securing ColdFusion Applications Jason Dean and Peleus Uhley present at Adobe Max 2010 on how to create secure ColdFusion applications.
Security: Hiding Information from Individuals Not Authorized to See It Jim Harris present at the ColdFusion Meetup on March 17, 2011.
Security: Washing Your Incoming Data using ColdFusion Jim Harris presents at the ColdFusion Meetup on March 10, 2011.
Security: Practical ColdFusion Security Justin McLean presents at the ColdFusion Meetup on February 24, 2011.
White Papers/Presentations
Deconstructing ColdFusion The slides from Chris Eng's and Brandon Creighton's presentation at BlackHat 2010
References
ColdFusion Security The Adobe Developer Center's section on ColdFusion Security.
ColdFusion 9 Lockdown Guide The Adobe server lockdown guide for ColdFusion 9.
ColdFusion Security Updates The section of the Adobe Security page that lists current ColdFusion security patches.
OWASP Tools
OWASP ESAPI - ColdFusion The OWASP ESAPI project's ColdFusion distribution.
OWASP ESAPI - Java The OWASP ESAPI project's Java distribution.
Static Analysis
VeraCode VeraCode is a commercial security testing company whose flagship product can test ColdFusion applications.
