Securing ColdFusion Applications - DevWeek 2021

by Pete Freitag

It was great to be a speaker at the ColdFusion DevWeek event last week. I spoke on the topic Securing ColdFusion Applications.

As promised here are the slides, and the example code I used can be found here.

In this talk I thought it would be fun to come up with a list of the Top 10 Risks or Issues ColdFusion developers should be aware of. As with any security top ten list, there are more than 10 security issues to be aware of, so this is just a starting point.

  1. Old Code
  2. Failure to Delegate
  3. Security Configuration
  4. Various Injection Attacks
  5. XSS
  6. Authentication / Authorization
  7. Remote Code Execution
  8. SQL Injection
  9. File System Issues
  10. Unpatched Known Vulnerabilities

Related Posts

The Fixinator Code Security Scanner for ColdFusion & CFML is an easy to use security tool that every CF developer can use. It can also easily integrate into CI for automatic scanning on every commit.