Fixinator and Foundeo Security Bundle
What is Fixinator?
Fixinator is a CFML security code scanner that can not only find security issues in your code but also help you fix them (hence the name). Take a look at the screenshot below to see how it works:
Fixinator is looking for all sorts of CFML-specific security vulnerabilities in the code. Working as a ColdFusion security consultant over the past 10 or so years, I have conducted dozens of reviews of real-world CFML code and systems. Fixinator attempts to bottle up as much of that experience as possible and bring it to your fingertips.
What is this Continuous Security you speak of?
Continuous security is a method of adding automatic security checks. Security experts find that when you bring security tools closer to the developer, fewer security vulnerabilities exist in the code.
Fixinator fits well into this model: you can easily set it up to scan your code every time you commit to version control. It doesn't matter if you are using GitHub, GitLab, Bitbucket, any other Git provider or even a Subversion repository; it is pretty easy to set up (and Foundeo is happy to help you set it up). Here are a few examples of setting up Fixinator in a continuous integration pipeline using a few different providers:
- Running Fixinator on Azure DevOps Pipelines or Team Foundation Server (TFS) - Azure DevOps or TFS (on premises) can connect to any Git or Subversion repository to scan your code automatically.
- Running Fixinator on Bitbucket Pipelines - if your code is on Bitbucket you can set up a pipeline for free.
- Running Fixinator on Circle CI - supports GitHub and Bitbucket Repos
- Running Fixinator on GitLab - GitLab also has a free tier that you can take advantage of.
- Running Fixinator on TravisCI - TravisCI supports GitHub repositories
Here's an example of setting up an Azure DevOps pipeline that runs Fixinator:
What is the Foundeo CFML Continuous Security Bundle?
With the addition of Fixinator, Foundeo now has 3 CFML security products: FuseGuard, HackMyCF, and Fixinator. There are already several companies that have purchased all three tools, so it only made sense to offer a bundle where you can get all three tools at a discounted price. Pricing for the bundle starts at $96/month.