Yesterday I added some additional functionality to the HackMyCF ColdFusion Server Security Scanner:

Now Checks for an exposed WEB-INF directory - The content in the WEB-INF folder should not be served up to the public. If it is under the web root, it must be blocked by the web server.

Hopefully you are now aware of the service I created in October 2009 called HackMyCF, it's been used to help secure over 3000 ColdFusion servers! If you're not familiar, it is a scanner that looks for security vulnerabilities on your server.

My company Foundeo Inc. released a new free web service today called HackMyCF that allows you to scan your ColdFusion server to detect the absence of recent ColdFusion security hotfixes as well as other security problems.