Web Application Firewall for ColdFusion Launched
I'm excited to announce today the launch of Foundeo's latest product: the Foundeo Web Application Firewall for ColdFusion. The product can block or log malicious requests to your ColdFusion applications. Including things like:
- Cross Site Scripting / XSS
- SQL Injection
- Session Hijacking
- Cross Site Request Forgery
- CRLF Injection
- Path Traversal Attacks
- Password Dictionary Attacks
I think it is also important to address what this product is not. It is not a magic filter that can catch every possible hack attempt on your web applications. All you need is one security hole for a hacker to be successful. I want to make it very clear that this product should not be a substitute for secure coding practices. Infact we actually giving away a copy of our CFML Security Checklist with each copy the firewall we sell.
Because this product is written in CFML, there are some unique advantages, such as:
- You can use it on most Shared Hosting Accounts
- You can write your own custom Filters in CFML
- You can interact with the firewall directly from within your ColdFusion web applications.
- Configuration is done with CFML, no need to learn a new configuration language.
Twitter Contest - Win a Free Copy
We are also holding a twitter contest. Follow @foundeo on twitter by 4/1/09 for a chance to win. The winner will be picked randomly from all @foundeo followers on 4/1/09.
- Video: Installing FuseGuard - July 21, 2011
- Announcing FuseGuard Version 3 - November 30, 2017
- FuseGuard 2.4 Released - October 31, 2013
- Adobe eSeminar on FuseGuard - October 26, 2011
- Announcing HackMyCF Paid Subscriptions - January 4, 2011
- ColdFusion returning empty response with server-error: true
- Careful applying CF11u16, CF2016u8, CF2018u2
- Sessions don't work in Chrome but do in IE
- csrfVerifyToken does not invalidate the token
- The cf_sql_ is optional in cfqueryparam
- Cookie Expires / Max-Age 1969-12-31T23:59:59.000Z
- Burst Throttling on AWS API Gateway Explained
- How to Resolve Java HTTPS Exceptions