Pete Freitag

Maximum Security CFML - cfObjective Slides


What a great conference cf.Objective() was this year! The quality of presentations was really good, and I think that is due both to the speakers and to the content advisory board led by Bob Silverberg and including Barney Boisvert, Dan Wilson, Emily Christiansen, Jason Dean, Kurt Wiersma, and Marc Esher. The content board not only picked all the presentations and speakers, but they also provided great feedback and advice on our presentation drafts. As a result, I think many of the presentations were much more polished.

I also enjoyed being a sponsor this year, promoting FuseGuard, HackMyCF, and our ColdFusion consulting services. I met lots of great people at the Foundeo booth, whom I might otherwise not have had a chance to talk with.

And finally, here are the slides to my Maximum Security CFML presentation. Thanks to all who attended!



Maximum Security CFML - cfObjective Slides was first published on May 17, 2011.


Comments

After installing that hotfix, I tried esapi = CreateObject("java", "org.owasp.esapi.ESAPI").encoder()

but it throws:

java.lang.reflect.InvocationTargetException SecurityConfiguration class (org.owasp.esapi.reference.DefaultSecurityConfiguration) CTOR threw exception.

Why?
by Henry Ho on 05/17/2011 at 2:27:54 PM UTC
Pete,
I really enjoyed going through your slides, it's a lot of great content, and has a number of little things I didn't know. On top of that, I've already implemented a couple tweaks to my code. Great meeting you last week, too.
by Nathan Strutz on 05/17/2011 at 6:35:38 PM UTC
Glad you enjoyed it Nathan, great to finally meet you as well!
by Pete Freitag on 05/18/2011 at 10:46:19 AM UTC
@Henry - What version of CF are you using? Is anything showing up in your cfserver.log or {instance-name}-out.log files related to ESAPI?
by Pete Freitag on 05/18/2011 at 10:47:50 AM UTC