I've been playing around with Nginx web server over the past few days, its a great light weight web server, ideal for VPS's or smaller Amazon EC2 instances where resources are not as abundant....
Earlier this week at the 28C3 security conference in Berlin researchers presented on a denial of service (DOS) technique that several web application platforms (PHP, ASP.NET, Node....
Adobe released a security hotfix APSB11-29 for ColdFusion 8 and 9 on Tuesday, which fixes two XSS (Cross Site Scripting) vulnerabilities (CVE-2011-2463 and CVE-2011-4368). One vulnerability exists in cfform and the other in RDS....
A few months back I was researching two/multi factor authentication solutions to employ to meet PCI compliance, I came across a somewhat new company called DuoSecurity....
It has recently come to my attention that there are some hard coded references to /CFIDE/scripts/ in some of the JS files that are used by the new (in CF9) tags CFFileUpload and CFMediaPlayer....
Did you know that it only takes minutes to get FuseGuard up and running? Here's a short video showing how to install and configure FuseGuard - web application firewall for ColdFusion:
I was recently conducting a CFML security review for a client and realized that when you have client variables set to use Cookies, the session ID's (eg CFIDE and CFTOKEN) are included in the CFGLOBALS cookie....