ColdFusion Summit 2024 Slides: 20 ways to secure CF
Published on October 04, 2024
By Pete Freitag
This year at the Adobe ColdFusion summit in Las Vegas I presented on 20 ways to secure ColdFusion. You can download my slides here.
When giving a presentation on security, there are certain topics that I feel need to be covered, like SQL injection, but I also wanted to highlight a few other things that might be new to some people. Here's an outline of the topics covered:
- Block Remote CFCs
- Add more validation
- Outsource Authentication
- Add audit logging
- Add onError to Application.cfc
- Securing File Uploads
- Encode Outputs to prevent XSS
- Content Security Policy (CSP) Headers
- PDF Injection
- Avoiding Server Side Request Forgery (SSRF) in ColdFusion
- RCE via ColdFusion's Evaluate Function
- RCE via ColdFusion's IIF Function
- Preventing SQL Injection in CF
- Leverage Continuous Integration (CI)
- Avoiding XML Entity Injection in ColdFusion
- Clear-Site-Data HTTP Response Header
- Avoid EOL ColdFusion Versions
- Block File Extensions
- Path Traversals
- Leverage Security Tools - eg Fixinator, etc.
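The "Preventing SQL Injection in CF" item is the one most readers will look for first, so here is a worked example of the vulnerable pattern next to its hardened forms. This is an added example, not code from the slides; it assumes a datasource named `app` and a `users` table with `id`, `email` and `created` columns, and the function names are hypothetical.

```cfml
<cfscript>
// Added example: SQL injection in CFML, vulnerable vs. hardened.
// Assumes (hypothetical) datasource "app" and table users(id, email, created).

// VULNERABLE: url.id is interpolated straight into the SQL text, so the
// caller controls the statement (e.g. "1 OR 1=1" returns every row).
function findUserUnsafe(required string id) {
    return queryExecute(
        "SELECT id, email FROM users WHERE id = #arguments.id#",
        {},
        { datasource: "app" }
    );
}

// HARDENED: the value travels to the database as a bound parameter, never as
// SQL text, and cfsqltype rejects non-numeric input before the query runs.
function findUser(required string id) {
    return queryExecute(
        "SELECT id, email FROM users WHERE id = :id",
        { id: { value: arguments.id, cfsqltype: "cf_sql_integer" } },
        { datasource: "app" }
    );
}

// Identifiers such as an ORDER BY column cannot be bound as parameters, so
// map the user's choice onto a fixed allowlist and interpolate only the
// allowlisted value.
function listUsers(string sortBy = "created") {
    var allowed = { "created": "created", "email": "email" };
    if (!structKeyExists(allowed, arguments.sortBy)) {
        throw(type = "Users.InvalidSort", message = "Unknown sort column");
    }
    return queryExecute(
        "SELECT id, email, created FROM users ORDER BY #allowed[arguments.sortBy]#",
        {},
        { datasource: "app" }
    );
}
</cfscript>

<!--- Tag-syntax equivalent of findUser(): cfqueryparam does the binding --->
<cfquery name="user" datasource="app">
    SELECT id, email FROM users
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>
```

The allowlist in `listUsers()` is the part people most often miss: parameter binding covers values, but column and table names still have to come from code, never from the request.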
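The two RCE items ("RCE via ColdFusion's Evaluate Function" and "RCE via ColdFusion's IIF Function") share one root cause: both functions parse a string as CFML and run it. This added example (not code from the slides) shows the unsafe shapes and the direct scope lookups and operators that replace them; the form field names and function names are hypothetical.

```cfml
<cfscript>
// Added example: evaluate()/iif() with user input vs. safe equivalents.
// Field and function names are hypothetical.

// VULNERABLE: the string handed to evaluate() is built from user input, so
// the caller decides which CFML expression runs (createObject() included).
function readFieldUnsafe(required string fieldName) {
    return evaluate("form." & arguments.fieldName);
}

// VULNERABLE: iif() passes its second and third arguments through evaluate(),
// so embedding a user-supplied value in either string is the same problem.
function labelUnsafe(required string value) {
    return iif(len(arguments.value), "'" & arguments.value & "'", "'(empty)'");
}

// HARDENED: bracket notation looks the key up in the scope without parsing
// anything as code; the existence check avoids an undefined-variable error.
function readField(required string fieldName) {
    if (!structKeyExists(form, arguments.fieldName)) {
        throw(type = "Form.MissingField", message = "No such form field");
    }
    return form[arguments.fieldName];
}

// HARDENED: the ternary operator works on values, not on strings of code.
function label(required string value) {
    return len(arguments.value) ? arguments.value : "(empty)";
}

// When the caller should only ever read a few specific fields, an allowlist
// of names is the right shape on top of the safe lookup.
function readAllowedField(required string fieldName) {
    var allowed = ["email", "displayName"];
    if (arrayFindNoCase(allowed, arguments.fieldName) == 0) {
        throw(type = "Form.FieldNotPermitted", message = "Field not permitted");
    }
    return form[arguments.fieldName];
}
</cfscript>
```

A useful review habit is to grep the code base for `evaluate(`, `iif(` and `de(` and trace every argument back to its origin; any path that starts at `url`, `form`, `cgi`, a cookie or a database column is a finding.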
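The "Path Traversals" and "Block File Extensions" items come up together whenever a file is served by a user-supplied name, so one added example (not code from the slides) covers both. It assumes a download directory at `/downloads` under the web root and a small allowlist of extensions; both are hypothetical.

```cfml
<cfscript>
// Added example: resolving a user-supplied file name without traversal and
// with an extension allowlist. The /downloads directory is hypothetical.

// VULNERABLE: the name is joined to the base directory as-is, so a value
// such as "../../Application.cfc" walks out of the intended directory.
function resolveDownloadUnsafe(required string name) {
    return expandPath("/downloads/") & arguments.name;
}

// HARDENED: allowlist the extension, canonicalize both paths through
// java.io.File (resolves "..", "." and symlinks), then confirm the result
// still starts with the base directory.
function resolveDownload(required string name) {
    var allowedExtensions = ["pdf", "csv", "zip"];
    if (arrayFindNoCase(allowedExtensions, listLast(arguments.name, ".")) == 0) {
        throw(type = "Download.BadExtension", message = "File type not permitted");
    }

    var fileClass = createObject("java", "java.io.File");
    var base = fileClass.init(expandPath("/downloads/")).getCanonicalPath();

    // Append the platform separator so a sibling directory such as
    // /downloads2/ cannot satisfy the prefix check.
    var sep = find("\", base) ? "\" : "/";
    if (right(base, 1) != sep) {
        base &= sep;
    }

    var requested = fileClass.init(base & arguments.name).getCanonicalPath();
    if (left(requested, len(base)) != base) {
        throw(type = "Download.PathTraversal", message = "Requested file is outside the download directory");
    }
    if (!fileExists(requested)) {
        throw(type = "Download.NotFound", message = "No such file");
    }
    return requested;
}
</cfscript>
```

Stripping `..` from the input is not a substitute for the canonical-path comparison: it misses encoded variants and symlinked directories, while comparing canonical paths catches both.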