The slides for my 2010 CFUnited presentation Locking Down ColdFusion are now available. The presentation is based on the ColDFusion 9 Lockdown Guide whitepaper that I wrote for Adobe. It covers various techniques to make your ColdFusion installation more secure.

Every so often I get an email back from someone who ran HackMyCF.com saying something like this:

Your scanner says our ColdFusion Administrator is publicly accessible, but I don't think that's true.

A good security practice is to require SSL for ColdFusion administrator access (an even better practice is to limit access to localhost). This should only take less than five minutes on either Apache or IIS.