Maximum Security CFML - cfObjective Slides
What a great conference cf.Objective() was this year! The quality of presentations was really good and I think that is due both to the speakers and the content advisory board led by Bob Silverberg and including Barney Boisvert, Dan Wilson, Emily Christiansen, Jason Dean, Kurt Wiersma, Marc Esher. The content board not only picked all the presentations and speakers, but they also provided great feedback and advice on our presentation drafts. As a result I think many of the presentations were much more polished.
I also enjoyed being a sponsor this year promoting FuseGuard, HackMyCF, and our ColdFusion consulting services. I met lots of great people at the Foundeo booth, whom I may otherwise not had a chance to talk with.
And finally here are the slides to my Maximum Security CFML presentation. Thanks to all that attended!
- CFSummit 2016 Slides - October 17, 2016
- Writing Secure CFML Slides from CFUnited 2010 - August 5, 2010
- Hands on ColdFusion Security Training - February 4, 2010
- Hardening ColdFusion - cfObjective 2009 Presentation Slides - July 6, 2009
- Scope Injection in CFML - March 3, 2015
but it throws:
java.lang.reflect.InvocationTargetException SecurityConfiguration class (org.owasp.esapi.reference.DefaultSecurityConfiguration) CTOR threw exception.
I really enjoyed going through your slides, it's a lot of great content, and has a number of little things I didn't know. On top of that, I've already implemented a couple tweaks to my code. Great meeting you last week, too.
- Updating Java on ColdFusion or Lucee
- ColdFusion returning empty response with server-error: true
- Careful applying CF11u16, CF2016u8, CF2018u2
- Sessions don't work in Chrome but do in IE
- csrfVerifyToken does not invalidate the token
- The cf_sql_ is optional in cfqueryparam
- Cookie Expires / Max-Age 1969-12-31T23:59:59.000Z
- Burst Throttling on AWS API Gateway Explained