This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "ColdFusion Security Resources"
m (→Table of Contents) |
(→OWASP Tools) |
||
| Line 82: | Line 82: | ||
[http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=ColdFusion.2FCFML OWASP ESAPI - ColdFusion] The OWASP ESAPI project's ColdFusion distribution.<br> | [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=ColdFusion.2FCFML OWASP ESAPI - ColdFusion] The OWASP ESAPI project's ColdFusion distribution.<br> | ||
[http://code.google.com/p/owasp-esapi-java/ OWASP ESAPI - Java] The OWASP ESAPI project's Java distribution.<br> | [http://code.google.com/p/owasp-esapi-java/ OWASP ESAPI - Java] The OWASP ESAPI project's Java distribution.<br> | ||
| + | [http://www.owasp.org/index.php/Guide_Table_of_Contents OWAS Developer Guide] Many sections throughout the developer guide contain specific ColdFusion guidance.<br> | ||
| + | |||
<br> | <br> | ||
Revision as of 01:46, 23 March 2011
Table of Contents
| Research | References | Tools | Libraries |
| Videos | References | OWASP Tools | 3rd Party Libs |
| White Papers/Presentations | Tools | ||
| Articles | |||
| Example Vulnerabilities | |||
Videos
DeConstructing ColdFusion This BlackHat 2010 video is a presentation by Chris Eng and Brandon Creighton from VeraCode.
Securing ColdFusion Applications Jason Dean and Peleus Uhley present at Adobe Max 2010 on how to create secure ColdFusion applications.
Security: Hiding Information from Individuals Not Authorized to See It Jim Harris present at the ColdFusion Meetup on March 17, 2011.
Security: Washing Your Incoming Data using ColdFusion Jim Harris presents at the ColdFusion Meetup on March 10, 2011.
Security: Practical ColdFusion Security Justin McLean presents at the ColdFusion Meetup on February 24, 2011.
Application Security: Beyond SQL Injection Jason Dean presents at the ColdFusion Meetup on January 22, 2009.
Security Countermeasures for ColdFusion Programmers Jim Harris presents at the ColdFusion Meeting on January 8, 2009
UGTV search Many ColdFusion security topics can be found by searching UGTV for the word security.
White Papers/Presentations
Deconstructing ColdFusion The slides from Chris Eng's and Brandon Creighton's presentation at BlackHat 2010
Articles
Jason Dean's blog Jason Dean frequently blogs on ColdFusion application security topics. This is a collection of his blogs.
Pete Freitag's blog Pete Freitag frequently blogs on ColdFusion application security topics. This is a collection of his blogs.
References
ColdFusion Security The Adobe Developer Center's section on ColdFusion Security.
ColdFusion 9 Lockdown Guide The Adobe server lockdown guide for ColdFusion 9.
ColdFusion Security Updates The section of the Adobe Security page that lists current ColdFusion security patches.
OWASP Tools
OWASP ESAPI - ColdFusion The OWASP ESAPI project's ColdFusion distribution.
OWASP ESAPI - Java The OWASP ESAPI project's Java distribution.
OWAS Developer Guide Many sections throughout the developer guide contain specific ColdFusion guidance.
Tools
VeraCode VeraCode is a commercial security testing company whose flagship product can test ColdFusion applications.
Hack My CF An online tool that specializes in hacking ColdFusion servers.
