HackMyCF Adds SSL/TLS Scanner

coldfusion web I'm pleased to announce a feature of HackMyCF that I've been excited about for a while: SSL / TLS Scanning.

If you stay up to date with security news you know that there have been a large number of vulnerabilities or weaknesses discovered in SSL or TLS protocols and implementations.

This entry was:

New HackMyCF Features

coldfusion HackMyCF, my company's ColdFusion (and Railo too) server security scanner was recently updated with some cool new features for our paid subscribers.

This entry was:

HackMyCF Updated for APSB11-29 Security Hotfix

coldfusion Adobe released a security hotfix APSB11-29 for ColdFusion 8 and 9 on Tuesday, which fixes two XSS (Cross Site Scripting) vulnerabilities (CVE-2011-2463 and CVE-2011-4368). One vulnerability exists in cfform and the other in RDS.

This entry was:

Determining Which Cumulative Hotfixes are Installed on ColdFusion

coldfusion It's not always obvious which Cumulative hotfixes are installed on a ColdFusion server. I'm pleased to announce that the paid subscriptions for HackMyCF now let you know which cumulative (non security) hotfixes you have installed, and which ones you don't.

This entry was:

HackMyCF Scanner Updated

coldfusion Yesterday I added some additional functionality to the HackMyCF ColdFusion Server Security Scanner:

Now Checks for an exposed WEB-INF directory - The content in the WEB-INF folder should not be served up to the public. If it is under the web root, it must be blocked by the web server.

This entry was:

Announcing HackMyCF Paid Subscriptions

coldfusion Hopefully you are now aware of the service I created in October 2009 called HackMyCF, it's been used to help secure over 3000 ColdFusion servers! If you're not familiar, it is a scanner that looks for security vulnerabilities on your server.

This entry was:

HackMyCF.com Now Detects BlazeDS Vulnerability

coldfusion I've just finished updating the HackMyCF.com ColdFusion security scanner to detect the BlaseDS Vulnerability APSB10-05 announced in February 2010. As you hopefully know, this vulnerability also effects ColdFusion 7-9, because it has BlaseDS installed by default.

This entry was:


did you hack my cf?