Web Application Firewall for ColdFusion Launched
I'm excited to announce today the launch of Foundeo's latest product: the Foundeo Web Application Firewall for ColdFusion. The product can block or log malicious requests to your ColdFusion applications. Including things like:
- Cross Site Scripting / XSS
- SQL Injection
- Session Hijacking
- Cross Site Request Forgery
- CRLF Injection
- Path Traversal Attacks
- Password Dictionary Attacks
I think it is also important to address what this product is not. It is not a magic filter that can catch every possible hack attempt on your web applications. All you need is one security hole for a hacker to be successful. I want to make it very clear that this product should not be a substitute for secure coding practices. Infact we actually giving away a copy of our CFML Security Checklist with each copy the firewall we sell.
Because this product is written in CFML, there are some unique advantages, such as:
- You can use it on most Shared Hosting Accounts
- You can write your own custom Filters in CFML
- You can interact with the firewall directly from within your ColdFusion web applications.
- Configuration is done with CFML, no need to learn a new configuration language.
Twitter Contest - Win a Free Copy
We are also holding a twitter contest. Follow @foundeo on twitter by 4/1/09 for a chance to win. The winner will be picked randomly from all @foundeo followers on 4/1/09.
- Video: Installing FuseGuard - July 21, 2011
- Announcing FuseGuard Version 3 - November 30, 2017
- FuseGuard 2.4 Released - October 31, 2013
- Adobe eSeminar on FuseGuard - October 26, 2011
- Announcing HackMyCF Paid Subscriptions - January 4, 2011
- Travis CI Error when installing oraclejdk8
- Tuning Tomcat IIS Connectors worker.properties and server.xml
- Push Tomcat logs with the AWS CloudWatch Logs Agent
- Sending nginx access logs to CloudWatch Logs Agent
- Setup CloudWatch Logs Agent on Ubuntu 18.04 LTS
- Tomcat Virtual Directory Howto
- Communications link failure MySQL JDBC with TLS
- Redirect www and non https in IIS using web.config