Articles about security

2022

• Speaking at ColdFusion Summit Online Next Week
• OpenSSL and ColdFusion / Lucee / Tomcat
• ColdFusion Security Training Class December 2022
• ColdFusion Summit 2022 Slides
• Ways to suppress a finding in Fixinator
• Spring4Shell and ColdFusion

2021

• Log4j 1.x Vulnerability Mitigation Guide
• Log4Shell Vulnerability Timeline
• How to get Log4j Version at Runtime in Java
• Log4j CVE-2021-44228 Log4Shell Vulnerability on ColdFusion / Lucee
• Securing ColdFusion Applications - DevWeek 2021

2020

• ColdFusion 2020 Developer Week - Securing CF

2019

• Timing Attacks and the Timing-Allow-Origin Header
• Howto restrict what htaccess files can do on Apache
• Fixinator and Foundeo Security Bundle
• csrfVerifyToken does not invalidate the token
• Cookie Expires / Max-Age 1969-12-31T23:59:59.000Z

2018

• SameSite Cookies with IIS

2017

• Announcing FuseGuard Version 3
• Java Unlimited Strength Crypto Policy for Java 9 or 1.8.0_151
• Java 9 Security Enhancements

2016

• CFSummit 2016 Slides
• Securing Legacy CFML - dev.Objective() 2016 Slides

2015

• HackMyCF Adds SSL/TLS Scanner
• Scope Injection in CFML

2013

• Apache Security Patches on CentOS / RHEL
• FuseGuard 2.4 Released
• New HackMyCF Features
• Blocking .svn and .git Directories on Apache or IIS
• Firefox Aurora now Supports Content Security Policy 1.0
• Writing Secure CFML cfObjective 2013 Slides
• J2EE Sessions in CF10 Uses Secure Cookies
• Learn about ColdFusion Security at cfObjective 2013
• Session Loss and Session Fixation in ColdFusion

2012

• Understanding HashDos and postParameterLimit
• ColdFusion 10 Security Enhancements Presentation
• Setup ColdFusion 9.0.1 Fully Patched

2011

• HashDOS and ColdFusion
• HackMyCF Updated for APSB11-29 Security Hotfix
• Adobe eSeminar on FuseGuard
• Determining Which Cumulative Hotfixes are Installed on ColdFusion
• Adding Two Factor Authentication to ColdFusion Administrator
• Bug Loading Scripts for CFFileUpload and CFMediaPlayer
• Fixing Apache (13)Permission denied: access to / 403 Forbidden
• Client Variable Cookie CFGLOBALS Includes Session Ids
• Maximum Security CFML - cfObjective Slides
• ColdFusion Lockdown Series - Multiple Partitions
• ColdFusion's Builtin Enterprise Security API
• Recent ColdFusion Security Hotfix Updated Today
• Java 1.6.0_24 Released Patches DOS Vulnerability
• Important Java Security Patch Released
• HackMyCF Scanner Updated
• Changing the ColdFusion CFIDE Scripts Location
• Announcing HackMyCF Paid Subscriptions

2010

• HTTP Strict Transport Security
• Setting up HTTPOnly Session Cookies for ColdFusion
• Path Traversal Vulnerability Security Hotfix for ColdFusion Released
• Using AntiSamy with ColdFusion
• Writing Secure CFML Slides from CFUnited 2010
• Locking Down ColdFusion Presentation Slides
• Cross Domain Data Theft using CSS
• 10 Ideas to Improve Security in ColdFusion 10
• CFMeetup Thursday: Intro to FuseGuard and Web Application Firewalls
• How to Disable Robust Exception Information on Lucee or Railo
• Is your ColdFusion Administrator Actually Public?
• HackMyCF.com Now Detects BlazeDS Vulnerability
• How to tell if a site takes security seriously
• Last Day to win Free ColdFusion Security Training
• Request Filtering in IIS 7 Howto
• Hands on ColdFusion Security Training
• ColdFusion 9 Solr Vulnerability - Are you at Risk?

2009

• CFLogin Security Considerations
• How to Get a Green SSL Certificate
• Slides for NYCFUG Security Presentation
• FuseGuard Released - Protects your ColdFusion Apps
• Speaking at NYCFUG Tonight - Writing Secure CFML
• Howto Require SSL for ColdFusion Administrator
• You May Need to Reapply CF Security Hotfix CVE-2009-1877
• ColdFusion Server Security Scanner
• Prefix Serialized JSON in ColdFusion
• FCKeditor Access Denied
• IIS: Disabling Weak SSL Protocols and Ciphers
• Using Railo, Secure The railo-context
• ColdFusion wsconfig Hotfix CVE-2009-1876 is for Apache Only
• ColdFusion Security Hotfixes Released
• Security Tradeoffs
• Hotfix for CF8 FCKeditor Vulnerability Released
• Hardening ColdFusion - cfObjective 2009 Presentation Slides
• Risks of FCKeditor Vulnerability in ColdFusion 8
• ColdFusion 8 FCKeditor Vulnerability
• Firefox 3.5 Introduces Origin Header, Security Features
• Tips for Secure File Uploads with ColdFusion
• Devnet Article on Securing CF From SQL Injection
• Web Application Firewall for ColdFusion Launched

2008

• Mastering CFQUERYPARAM

2007

• Hash those Passwords
• ColdFusion 8 Security Whitepaper
• Firefox Now Supports HttpOnly Cookies
• ColdFusion Security Presentation Slides
• Announcing Web Application Firewall for ColdFusion
• Web Application Security Blog Aggregator
• CFPARAM for Simple String Validation

2006

• The Dangers of Flash's crossdomain.xml
• Web Application Vulnerabilities trump Buffer Overflows
• Web Application Security Cheat Sheet
• Secure Browsing Mode
• Amazon CTO on Security
• Web Form Security and the Middle Man
• How To Scream Unsecured
• How to Break Web Software
• Secure Forms

2005

• Howto Disable the Server Header in IIS
• 20 ways to Secure your Apache Configuration
• Top 20 Internet Security Vulnerabilities of 2005
• MySpace Hacked with CSRF and XSS
• Turn off autocomplete for credit card input
• RDS Security Problems?
• Portable Web Application Firewall Rule Format
• ServerTokens Prod, ServerSignature Off
• Oracle Critical Updates
• Free Chapters in Apache Security
• HTTP Request Smuggling (HRS)
• Detecting SQL Injection with ScriptProtect
• ScriptProtect in ColdFusion MX 7 not a catch all
• Cross Site Request Forgery (CSRF) Attacks
• Please do not go to this website!
• Apache mod_rewrite URLs Also Provide Validation

2003

• Real World Linux Security

Pete has written about security a total of 128 times. In articles about security, Pete also often writes about: coldfusion, presentations, java, xss, and apache.