The CWE 25 and ColdFusion - CFSummit East 2025 Slides
By Pete Freitag

I have returned from another Adobe ColdFusion Summit East conference in Washington DC. This year, I gave a talk titled "Securing Adobe ColdFusion Applications: A Walk through the CWE Top 25". You can download the slides here. Thanks to all who attended! It was great to catch up with so many people, and meet some new people as well. Since it was a short conference, there were still some people I would have liked to chat with but didn't have the chance, so until next time!
This presentation went through MITRE's CWE Top 25 list. The list is constructed by analyzing the weaknesses linked to CVEs by frequency, severity and danger. The top 25 weaknesses on this list are thus labeled the most dangerous software weaknesses. We then looked at how each weakness might pertain to a ColdFusion application. Five of the top twenty-five weaknesses are taken care of for us because Java is a memory-safe language; for those we simply say "Thanks Java!"
The CWE 25 and ColdFusion - CFSummit East 2025 Slides was first published on March 27, 2025.