Early bird registration is open for my ColdFusion Security Training deep dive class in December. If you've ever attended one of my conference sessions on ColdFusion Security at Adobe ColdFusion Summit or Into The Box (or even cf.Objective() or CFUnited :-) you know that it is hard cover a wide variety of issues in a one hour session.
It is an online class that takes place over Zoom on Tuesday December 13, 2022 and Wednesday December 14 from 11am-2pm each day. I find that two three hour chunks each day is a good amount of time to get hands on and in depth, but not so long that your brain is completely toasted. It also leaves some time for you to get some of your typical work done on those days if you are so inclined.
Here's an outline of the topics that will be covered in the course:
- Remote Code Execution
- Path Traversals & File Path Vulnerabilities
- File Upload Vulnerabilities
- Cross Site Scripting
- Cross Site Request Forgery
- Session Hijacking
- Cookie Security
- Password Storage
- Authentication
- Authorization
- Content Security Policy
- SQL Injection
- Timing Attacks
- Scope Injection
- LDAP Injection
- XML Security Issues
- Core Security Principals
- Proactive Coding Guidelines
- OWASP Top 10
- Security Tools: OWASP Zap, Fixinator
- And more!
The course covers a wide range of vulnerabilities that CFML web developers should be aware of. For each vulnerability the students will learn about it, attempt to exploit it, and last but certainly not least learn how to fix or mitigate the vulnerability.
I would love to have you attend, so please sign up while seats are still available and before the price increases on December 1st.