Devnet Article on Securing CF From SQL Injection

coldfusion I was just reading through this article on Adobe Devnet titled

Secure your ColdFusion application against SQL injection attacks, and I have a few issues with the article.

This entry was:


coldfusion If you haven't been using the cfqueryparam tag, chances are you had a baptism by fire this week. As you may have heard, lots of ColdFusion powered sites were targeted by hackers using SQL Injection this week.

This entry was:

Announcing Web Application Firewall for ColdFusion

coldfusion I'm proud to announce a Web Application Firewall for ColdFusion, a new product that I have been working on. This product detects malicious requests (such as SQL Injection, Cross Site Scripting, etc) and then logs, filters, or blocks the request.

This entry was:

CFPARAM for Simple String Validation

coldfusion With the addition of a dozen new type values for the cfparam tag in ColdFusion 7, it has become a handy tool for validation.

I have a little trick for those of you who are using earlier versions of ColdFusion that don't support the new types for validation.

This entry was:

Web Application Vulnerabilities trump Buffer Overflows

web This should be an eye opener to many. In September Mitre reported that web application vulnerabilities are claiming the top three spots on their CVE request list, beating out Buffer Overflows.

Cross Site Scripting (21.5%)SQL Injection (14%)PHP includes (9.5%)Buffer overflows (7.

This entry was:

Detecting SQL Injection with ScriptProtect

coldfusion databases It occurred to me this morning that ScriptProtect can be a handy feature for globally catching a few forms of SQL Injection Attacks

WARNING - just like its inability to protect against all forms of XSS attacks this solution DOES NOT protect you from all SQL Injection attacks.

This entry was:


did you hack my cf?