Is your ColdFusion Administrator Actually Public?

coldfusion Every so often I get an email back from someone who ran saying something like this:

Your scanner says our ColdFusion Administrator is publicly accessible, but I don't think that's true.

Now Detects BlazeDS Vulnerability

coldfusion I've just finished updating the ColdFusion security scanner to detect the BlazeDS vulnerability APSB10-05, announced in February 2010. As you hopefully know, this vulnerability also affects ColdFusion 7-9, because it has BlazeDS installed by default.

How to tell if a site takes security seriously

misc Here are some easy ways you can tell if a particular site is serious about security:
