Pete Freitag

Maximum Security CFML - cfObjective Slides

Updated on August 04, 2021
By Pete Freitag

What a great conference cf.Objective() was this year! The quality of presentations was really good, and I think that is due both to the speakers and the content advisory board led by Bob Silverberg and including Barney Boisvert, Dan Wilson, Emily Christiansen, Jason Dean, Kurt Wiersma, and Marc Esher. The content board not only picked all the presentations and speakers, but they also provided great feedback and advice on our presentation drafts. As a result, I think many of the presentations were much more polished.

I also enjoyed being a sponsor this year promoting FuseGuard, HackMyCF, and our ColdFusion consulting services. I met lots of great people at the Foundeo booth, whom I might not otherwise have had a chance to talk with.

And finally here are the slides to my Maximum Security CFML presentation. Thanks to all that attended!

Outdated Alert: This content is 10+ years old now; here is my latest ColdFusion Security Training Class.




Maximum Security CFML - cfObjective Slides was first published on May 17, 2011.



Comments

After installing that hotfix, I tried esapi = CreateObject("java", "org.owasp.esapi.ESAPI").encoder()

but it throws:

java.lang.reflect.InvocationTargetException SecurityConfiguration class (org.owasp.esapi.reference.DefaultSecurityConfiguration) CTOR threw exception.

Why?
by Henry Ho on 05/17/2011 at 2:27:54 PM UTC
Pete,
I really enjoyed going through your slides, it's a lot of great content, and has a number of little things I didn't know. On top of that, I've already implemented a couple tweaks to my code. Great meeting you last week, too.
by Nathan Strutz on 05/17/2011 at 6:35:38 PM UTC
Glad you enjoyed it Nathan, great to finally meet you as well!
by Pete Freitag on 05/18/2011 at 10:46:19 AM UTC
@Henry - What version of CF are you using? Is anything showing up in your cfserver.log or {instance-name}-out.log files related to ESAPI?
by Pete Freitag on 05/18/2011 at 10:47:50 AM UTC