Difference between revisions of "ColdFusion Security Resources"

From OWASP
Jump to: navigation, search
(White Papers/Presentations)
(Table of Contents)
Line 4: Line 4:
 
== Goals ==
 
== Goals ==
 
The Security Resources projects aims to enable developers to easily find ColdFusion tools and resources regardless of whether they were developed by Adobe, OWASP or the ColdFusion development community.
 
The Security Resources projects aims to enable developers to easily find ColdFusion tools and resources regardless of whether they were developed by Adobe, OWASP or the ColdFusion development community.
 
== Table of Contents ==
 
 
{| cellspacing="1" cellpadding="1" border="0" style="width: 651px; height: 66px;"
 
|-
 
| '''Research'''
 
| '''References'''
 
| '''Tools'''
 
| '''Libraries'''
 
|-
 
| [http://www.owasp.org/index.php/Category:ColdFusion_Security_Resources#Videos Videos]
 
| [http://www.owasp.org/index.php/Category:ColdFusion_Security_Resources#References References]
 
| [http://www.owasp.org/index.php/Category:ColdFusion_Security_Resources#OWASP_Tools OWASP Tools]
 
| [http://www.owasp.org/index.php/Category:ColdFusion_Security_Resources#Third-party_Security_Libraries 3rd Party Libs]
 
|-
 
| [http://www.owasp.org/index.php/Category:ColdFusion_Security_Resources#White_Papers_.2F_Presentations White Papers/Presentations]
 
|
 
| [http://www.owasp.org/index.php/Category:ColdFusion_Security_Resources#Tools Tools]
 
|
 
|-
 
| [http://www.owasp.org/index.php/Category:ColdFusion_Security_Resources#Articles Articles]
 
|
 
|
 
|
 
|-
 
| [http://www.owasp.org/index.php/Category:ColdFusion_Security_Resources#Example_Vulnerabilities Example Vulnerabilities]
 
|
 
|
 
|
 
|-
 
|
 
|
 
|
 
|
 
|-
 
|
 
|
 
|
 
|
 
|-
 
|
 
|
 
|
 
|
 
|-
 
|
 
|
 
|
 
|
 
|}
 
 
<br>
 
  
 
==Videos==
 
==Videos==

Revision as of 21:23, 22 March 2011

Contents

Overview

The ColdFusion Security Resources project is an organized index of all the ColdFusion security resources on the Internet that would be useful to ColdFusion developers.

Goals

The Security Resources projects aims to enable developers to easily find ColdFusion tools and resources regardless of whether they were developed by Adobe, OWASP or the ColdFusion development community.

Videos

DeConstructing ColdFusion This BlackHat 2010 video is a presentation by Chris Eng and Brandon Creighton from VeraCode.
Securing ColdFusion Applications Jason Dean and Peleus Uhley present at Adobe Max 2010 on how to create secure ColdFusion applications.
Writing Secure CFML Pete Freitag's presentation from CFUnited 2010.
Security: Hiding Information from Individuals Not Authorized to See It Jim Harris present at the ColdFusion Meetup on March 17, 2011.
Security: Washing Your Incoming Data using ColdFusion Jim Harris presents at the ColdFusion Meetup on March 10, 2011.
Security: Practical ColdFusion Security Justin McLean presents at the ColdFusion Meetup on February 24, 2011.
Application Security: Beyond SQL Injection Jason Dean presents at the ColdFusion Meetup on January 22, 2009.
Security Countermeasures for ColdFusion Programmers Jim Harris presents at the ColdFusion Meeting on January 8, 2009
UGTV search Many ColdFusion security topics can be found by searching UGTV for the word security.

White Papers/Presentations

Deconstructing ColdFusion The slides from Chris Eng's and Brandon Creighton's presentation at BlackHat 2010.
Writing Secure CFML Pete Freitag's slides from his CFUnited 2010 presentation.
ColdFusion Lockdown Pete Freitag's slides from his CFUnited 2010 presentation on locking down ColdFusion.


Articles

Jason Dean's blog Jason Dean frequently blogs on ColdFusion application security topics. This is a collection of his blogs.
Pete Freitag's blog Pete Freitag frequently blogs on ColdFusion application security topics. This is a collection of his blogs.


References

ColdFusion Security The Adobe Developer Center's section on ColdFusion Security.
ColdFusion 9 Lockdown Guide The Adobe server lockdown guide for ColdFusion 9.
ColdFusion Security Updates The section of the Adobe Security page that lists current ColdFusion security patches.

OWASP Tools

OWASP ESAPI - ColdFusion The OWASP ESAPI project's ColdFusion distribution.
Leveraging the ESAPI library in ColdFusion Pete Freitag's blog on using the OWASP ESAPI library included in ColdFusion.
OWASP ESAPI - Java The OWASP ESAPI project's Java distribution.
OWASP Developer Guide Many sections throughout the developer guide contain specific ColdFusion guidance.


Tools

VeraCode VeraCode is a commercial security testing company whose flagship product can test ColdFusion applications.
Hack My CF An online tool that specializes in hacking ColdFusion servers.


Third-Party Security Libraries

Java Cryptography Extension It is possible to get stronger cryptography out of ColdFusion by updating the Java Policy files as described here. Ensure that you are adhering to your local government requirements.