FuseGuard Released - Protects your ColdFusion Apps
I am happy to announce today the release of FuseGuard Web Application Firewall for ColdFusion!
FuseGuard 2.0 is the new name for Foundeo Web Application Firewall, but we did a bit more than just change the name!
The biggest new features added to version 2 are the Web Based manager, and the database logger. The web manager main function is to provide reporting for the attacks against your server, but it also allows you to view configuration, and manage users.
Here are some screen shots:
The database logger currently supports logging to a MySQL, SQLServer, or Apache Derby database. We have made it really easy to create a database, and datasource using the embedded Apache Derby database support in ColdFusion 8 and 9 (just give it your coldfusion administrator username and password, and a datasource name).
On the security side of the product, the biggest improvement there is the File Upload Filter. This filter can block a file upload request before your
cffile tag is executed based on a whitelist, or blacklist of file extensions that you specify. This means it can block those pesky MIME type spoofing attacks, and even the execute before delete vulnerability that caused Ben Forta's site to get hacked (existed prior versions of FCKeditor and Galleon Forums)
We also lowered the price on the standard version from
$500 to $349, and the server edition was lowered from $1299 to $999
I would like to invite you to check it out and request a demo!
- Adobe eSeminar on FuseGuard - October 26, 2011
- Scope Injection in CFML - March 3, 2015
- CFMeetup Thursday: Intro to FuseGuard and Web Application Firewalls - June 14, 2010
- Announcing Web Application Firewall for ColdFusion - July 9, 2007
- Announcing FuseGuard Version 3 - November 30, 2017
- Updating Java on ColdFusion or Lucee
- ColdFusion returning empty response with server-error: true
- Careful applying CF11u16, CF2016u8, CF2018u2
- Sessions don't work in Chrome but do in IE
- csrfVerifyToken does not invalidate the token
- The cf_sql_ is optional in cfqueryparam
- Cookie Expires / Max-Age 1969-12-31T23:59:59.000Z
- Burst Throttling on AWS API Gateway Explained