Pete Freitag's Homepage

Java Unlimited Strength Crypto Policy for Java 9 or 1.8.0_151

Starting with Java 1.8.0_151 and 1.8.0_152 there is a new, somewhat easier way to enable the unlimited strength jurisdiction policy for the JVM. Without enabling this you cannot use AES-256, for example....

Java 9 Security Enhancements

With the General Availability release of Java 9 scheduled for today, I thought it would be appropriate to go over the new features that pertain to security.

Implement HTTP/2 Client...

Upcoming CFML Conferences in April 2017

I will be speaking at two conferences this month.

The conference is the Adobe CFSummit East also known as the Adobe ColdFusion Government Summit. It will be held on April 18-19, 2017 in Washington DC....

CFSummit 2016 Slides

Here are my slides from the Adobe ColdFusion Summit 2016 conference in Las Vegas:...

Securing Legacy CFML - dev.Objective() 2016 Slides

Back from another great dev.Objective() conference in Minneapolis. This year Foundeo was a sponsor, and I spoke on Securing Legacy CFML Code. Find the slides here....

My CFSummit 2015 Slide Decks

I was fortunate enough to be able to do two different talks this year at the Adobe CFSummit 2015 conference....

Adding Chrome Custom Search for CFDocs

I read some complaints recently that the new Adobe documentation site is not friendly with a Chrome custom search engine (because the URIs are different based on what the tag/function starts with)....

Disable Flash Remoting on ColdFusion Servers

Due to the recent security vulnerability APSB15-20 / APSB15-21 in BlazeDS there has been increased interest in disabling Flash Remoting when not needed -- if you followed the lockdown guide for CF9, CF10, or CF11 you should already have it disabled....

HackMyCF Adds SSL/TLS Scanner

I'm pleased to announce a feature of HackMyCF that I've been excited about for a while: SSL / TLS Scanning....

IncompatibleClassChangeError after ColdFusion 11 Update 5

If you use the Encrypt function in ColdFusion 11, you may experience an error that looks like this:

java.lang.IncompatibleClassChangeError: Expected static method coldfusion.runtime.CFPage....

Scope Injection in CFML

Here is an interesting vulnerability that I have come across several times in real CFML code during code reviews. I have spoken about it at conferences but have never written about it....

Upload Files Directly to Amazon S3 using ColdFusion

Here's a quick example showing how to upload a file directly to Amazon S3 (bypassing your server). The tricky part in getting this to work is that you don't want to allow anyone to upload a file anywhere on your S3....