Articles about security


Howto restrict what htaccess files can do on Apache

web If you are running Apache 2....

Fixinator and Foundeo Security Bundle

coldfusion I'm pleased to announce that ...

csrfVerifyToken does not invalidate the token

coldfusion When you are using ...

Cookie Expires / Max-Age 1969-12-31T23:59:59.000Z

web Have you ever noticed a ...

SameSite Cookies with IIS

coldfusion java web SameSite cookies are a great ...

Announcing FuseGuard Version 3

coldfusion After many hours in ...

Java Unlimited Strength Crypto Policy for Java 9 or 1.8.0_151

java Starting with Java 1.8....

Java 9 Security Enhancements

java With the General Availability ...

CFSummit 2016 Slides

coldfusion Here are my slides from the ...

Securing Legacy CFML - dev.Objective() 2016 Slides

coldfusion Back from another great dev....

HackMyCF Adds SSL/TLS Scanner

coldfusion web I'm pleased to announce a ...

Scope Injection in CFML

coldfusion Here is an interesting ...

Apache Security Patches on CentOS / RHEL

web Those familiar with RedHat ...

FuseGuard 2.4 Released

coldfusion I'm pleased to announce the ...

New HackMyCF Features

coldfusion HackMyCF, my company's ...

Blocking .svn and .git Directories on Apache or IIS

web One of the issues that our ...

Firefox Aurora now Supports Content Security Policy 1.0

web Today with the release of ...

Writing Secure CFML cfObjective 2013 Slides

coldfusion Here are the slides to my cf....

J2EE Sessions in CF10 Uses Secure Cookies

coldfusion This week I helped out a ...

Learn about ColdFusion Security at cfObjective 2013

coldfusion For the past two-three months ...

Session Loss and Session Fixation in ColdFusion

coldfusion I often find myself ...

Understanding HashDos and postParameterLimit

coldfusion I received a question today ...

ColdFusion 10 Security Enhancements Presentation

coldfusion I've given a couple ...

Setup ColdFusion 9.0.1 Fully Patched

coldfusion Adobe this week released a ...

HashDOS and ColdFusion

coldfusion java Earlier this week at the 28C3 ...

HackMyCF Updated for APSB11-29 Security Hotfix

coldfusion Adobe released a security ...

Adobe eSeminar on FuseGuard

coldfusion Adobe has asked me to do an ...

Determining Which Cumulative Hotfixes are Installed on ColdFusion

coldfusion It's not always obvious which ...

Adding Two Factor Authentication to ColdFusion Administrator

coldfusion A few months back I was ...

Bug Loading Scripts for CFFileUpload and CFMediaPlayer

coldfusion It has recently come to my ...

Client Variable Cookie CFGLOBALS Includes Session Ids

coldfusion I was recently conducting a ...

Maximum Security CFML - cfObjective Slides

coldfusion What a great conference cf....

ColdFusion Lockdown Series - Multiple Partitions

coldfusion One of the most frequent ...

ColdFusion's Builtin Enterprise Security API

coldfusion One of the nice side effects ...

Recent ColdFusion Security Hotfix Updated Today

coldfusion Adobe has updated the ...

Java 1.6.0_24 Released Patches DOS Vulnerability

java As mentioned last week, a ...

Important Java Security Patch Released

coldfusion java Oracle has just released a ...

HackMyCF Scanner Updated

coldfusion Yesterday I added some ...

Changing the ColdFusion CFIDE Scripts Location

coldfusion One of the things that the ...

Announcing HackMyCF Paid Subscriptions

coldfusion Hopefully you are now aware ...

HTTP Strict Transport Security

web An emerging standard called ...

Setting up HTTPOnly Session Cookies for ColdFusion

coldfusion Internet Explorer pioneered a ...

Path Traversal Vulnerability Security Hotfix for ColdFusion Released

coldfusion Adobe released a security ...

Using AntiSamy with ColdFusion

coldfusion How do you protect your code ...

Writing Secure CFML Slides from CFUnited 2010

coldfusion As promised I just published ...

Locking Down ColdFusion Presentation Slides

coldfusion The slides for my 2010 ...

Cross Domain Data Theft using CSS

web Firefox (3.6....

10 Ideas to Improve Security in ColdFusion 10

coldfusion I do a lot of work related to ...

CFMeetup Thursday: Intro to FuseGuard and Web Application Firewalls

coldfusion I will be presenting at the ...

How to Disable Robust Exception Information on Railo

coldfusion As you know one of the first ...

Is your ColdFusion Administrator Actually Public?

coldfusion Every so often I get an email ...

HackMyCF.com Now Detects BlazeDS Vulnerability

coldfusion I've just finished updating ...

How to tell if a site takes security seriously

misc Here are some easy ways you ...

Last Day to win Free ColdFusion Security Training

coldfusion As you may have heard, Jason ...

Request Filtering in IIS 7 Howto

web I've been doing some security ...

Hands on ColdFusion Security Training

coldfusion One of the best ways to ...

ColdFusion 9 Solr Vulnerability - Are you at Risk?

coldfusion Adobe just released a ...

CFLogin Security Considerations

coldfusion If you use the cflogin tag to ...

How to Get a Green SSL Certificate

web Just as SSL Certificates were ...

Slides for NYCFUG Security Presentation

coldfusion Here are the slides for my ...

FuseGuard Released - Protects your ColdFusion Apps

coldfusion I am happy to announce today ...

Speaking at NYCFUG Tonight - Writing Secure CFML

coldfusion I will be speaking at the New ...

Howto Require SSL for ColdFusion Administrator

coldfusion A good security practice is ...

You May Need to Reapply CF Security Hotfix CVE-2009-1877

coldfusion Back in August Adobe released ...

ColdFusion Server Security Scanner

coldfusion My company Foundeo Inc....

Prefix Serialized JSON in ColdFusion

coldfusion When ColdFusion 8 added the ...

FCKeditor Access Denied

coldfusion I have a client using the ...

IIS: Disabling Weak SSL Protocols and Ciphers

web It's no secret by now that if ...

Using Railo, Secure The railo-context

coldfusion If you are using Railo you ...

ColdFusion wsconfig Hotfix CVE-2009-1876 is for Apache Only

coldfusion There has been some confusion ...

ColdFusion Security Hotfixes Released

coldfusion Adobe posted several critical ...

Security Tradeoffs

misc I've said it before, ...

Hotfix for CF8 FCKeditor Vulnerability Released

coldfusion Adobe has just released a ...

Hardening ColdFusion - cfObjective 2009 Presentation Slides

coldfusion I've been meaning to post the ...

Risks of FCKeditor Vulnerability in CF8

coldfusion I've had a chance to look at ...

ColdFusion 8 FCKeditor Vulnerability

coldfusion There have been a few stories ...

Firefox 3.5 Introduces Origin Header, Security Features

web Firefox 3....

Tips for Secure File Uploads with ColdFusion

coldfusion Allowing someone to upload a ...

Devnet Article on Securing CF From SQL Injection

coldfusion I was just reading through ...

Web Application Firewall for ColdFusion Launched

coldfusion I'm excited to announce today ...

Mastering CFQUERYPARAM

coldfusion If you haven't been using the ...

Hash those Passwords

web Spry recently had an ...

ColdFusion 8 Security Whitepaper

coldfusion Adobe has published a ...

Firefox Now Supports HttpOnly Cookies

web You may be surprised to learn ...

ColdFusion Security Presentation Slides

coldfusion I want to thank everyone who ...

Announcing Web Application Firewall for ColdFusion

coldfusion I'm proud to announce a Web ...

Web Application Security Blog Aggregator

web Christian Matthies has ...

CFPARAM for Simple String Validation

coldfusion With the addition of a dozen ...

The Dangers of Flash's crossdomain.xml

web PHP security guru Chris ...

Web Application Vulnerabilities trump Buffer Overflows

web This should be an eye opener ...

Web Application Security Cheat Sheet

web SecGuru has posted a cheat ...

Secure Browsing Mode

web Ivan Ristic has posted a ...

Amazon CTO on Security

web Credit card information ...

Web Form Security and the Middle Man

web A friend of mine, Matt Finn, ...

How To Scream Unsecured

web I was considering purchasing ...

How to Break Web Software

books web There is a good presentation ...

Secure Forms

web Chris Shiflett, the author of ...

Howto Disable the Server Header in IIS

web Steven Erat just pointed me ...

20 ways to Secure your Apache Configuration

web Here are 20 things you can do ...

Top 20 Internet Security Vulnerabilities of 2005

apple databases linux misc web SANS has published a list of ...

MySpace Hacked with CSRF and XSS

web It seems that someone ...

Turn off autocomplete for credit card input

web Memo to web developers ...

RDS Security Problems?

coldfusion Erki Esken posted a comment ...

Portable Web Application Firewall Rule Format

web Ivan Ristic, the author of ...

ServerTokens Prod, ServerSignature Off

web I tend to forget the syntax ...

Oracle Critical Updates

databases Oracle has released a ...

Free Chapters in Apache Security

books Ivan has made two chapters ...

HTTP Request Smuggling (HRS)

web WatchFire has released a ...

Detecting SQL Injection with ScriptProtect

coldfusion databases It occurred to me this ...

ScriptProtect in ColdFusion MX 7 not a catch all

coldfusion ColdFusion MX 7 has a new ...

Cross Site Request Forgery (CSRF) Attacks

web I found a site that has some ...

Please do not go to this website!

misc web Via Loose Wire - Someone has ...

Apache mod_rewrite URLs Also Provide Validation

coldfusion web I realized something when ...

Real World Linux Security

linux I read part of Real World ...

Pete has written about security a total of 114 times.

Foundeo Inc.