For several years now, I've offered an online ColdFusion developer security training class in December. I'm pleased to announce that this years class will be held on Tuesday December 9, 2025 @ 11am-2pm & Wednesday December 10 @ 11am-2pm US Eastern Time.
The class is held online (typically via Zoom), so you can take it from anywhere in the world. And over the past several years I've had students from several continents participate. We all know how timezones are no fun to deal with, but I've tried to schedule it in a time where it should work well for most US timezones, and is not ideal but works in Europe as well.
Who is it for?
This class is designed for any developer that writes CFML code. Whether that code runs on Adobe ColdFusion, Lucee or Boxlang you should be able to get a lot out of the course.
Both beginners and experienced developers can benefit from this course. The code examples are kept as clear and concise as possible.
Here's what Nolan Erck, an expert with several years of ColdFusion experience had to say about the course:
"Pete's security workshop was the perfect amount of real-world scenarios to look out for, and quality information about how to prevent such issues. He covered everything from basic best practices like blocking SQL injection and cross-site scripting, to more esoteric yet equally important tricks! This is a quality workshop well worth your time - drink coffee first and takes lots of notes!"
What Topics are Covered?
The course covers a wide range of web application security vulnerabilities. For most vulnerabilities we will look at what vulnerable CFML code might look like, how an attacker might exploit it, and most importantly how we can prevent or mitigate the issue in our code.
- Core Security Principals
- Proactive Coding Guidelines
- OWASP Top 10
- SQL Injection
- Remote Code Execution
- Path Traversals & File Path Vulnerabilities
- File Upload Vulnerabilities
- Cross Site Scripting
- Cross Site Request Forgery
- Session Hijacking
- Cookie Security
- Password Storage
- Authentication
- Authorization
- Content Security Policy
- Timing Attacks
- Scope Injection
- LDAP Injection
- XML Security Issues
- Security Tools: OWASP Zap, Fixinator
- And more!
Seats are Limited
Don't wait to register, seats are limited: register now.