This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

ColdFusion Security Resources

From OWASP
Revision as of 01:25, 23 March 2011 by Puhley (talk | contribs) (References)

Jump to: navigation, search

Table of Contents

Research References Tools Libraries
Videos References OWASP Tools 3rd Party Libs
White Papers/Presentations Static Analysis
Articles
Example Vulnerabilities


Videos

DeConstructing ColdFusion This BlackHat 2010 video is a presentation by Chris Eng and Brandon Creighton from VeraCode.
Securing ColdFusion Applications Jason Dean and Peleus Uhley present at Adobe Max 2010 on how to create secure ColdFusion applications.
Security: Hiding Information from Individuals Not Authorized to See It Jim Harris present at the ColdFusion Meetup on March 17, 2011.
Security: Washing Your Incoming Data using ColdFusion Jim Harris presents at the ColdFusion Meetup on March 10, 2011.
Security: Practical ColdFusion Security Justin McLean presents at the ColdFusion Meetup on February 24, 2011.


White Papers/Presentations

Deconstructing ColdFusion The slides from Chris Eng's and Brandon Creighton's presentation at BlackHat 2010


References

ColdFusion Security The Adobe Developer Center's section on ColdFusion Security.
ColdFusion 9 Lockdown Guide The Adobe server lockdown guide for ColdFusion 9.
ColdFusion Security Updates The section of the Adobe Security page that lists current ColdFusion security patches.

OWASP Tools

OWASP ESAPI - ColdFusion The OWASP ESAPI project's ColdFusion distribution.
OWASP ESAPI - Java The OWASP ESAPI project's Java distribution.

Static Analysis

VeraCode VeraCode is a commercial security testing company whose flagship product can test ColdFusion applications.