ColdFusion Summit 2024 Slides: 20 ways to secure CF

This year at the Adobe ColdFusion summit in Las Vegas I presented on 20 ways to secure ColdFusion.

From: Pete Freitag's Homepage

Latest ColdFusion Security Updates - September 2024

I am going to attempt to keep this page updated with the latest ColdFusion Security Updates and Hotfixes published by Adobe.


Left and Right Accept Negative Counts

8 ) { //strip https:// website = right(website, len(website)-8); } As long as you are doing that kind of check, you should not have any issue with unexpected change of behavior due to this change.


Fixinator fixes unscoped variables

Last week's Adobe ColdFusion security update disabled searchImplicitScopes by default.


ColdFusion searchImplicitScopes and APSB24-14

Adobe has published a ColdFusion Security Hotfix APSB24-14 today which describes "a critical vulnerability that could lead to arbitrary file system read".


DNS over HTTPS is not what I thought

A few months ago I was on a mission to remove some of the old broken links on my blog.


Remove the Server Header in any IIS Version

Removing the Server Header as of IIS 10 (the version of IIS installed by default on Windows Server 2016, 2019 or 2022) is now much easier than it had been with prior versions of IIS.


Self Signed Certificates in Edge on Windows 2022

When setting up a server for training purposes I wanted to create a self signed certificate for app1.


The newline cat mystery

I ran into a really strange problem today: whenever I would write a file, it would show up as empty on my file system.


Ticket to ColdFusion Summit 2023

The Adobe ColdFusion Summit is coming up in October.


Into The Box 2023 Slides

I'm back from Houston, Texas after another great Into the Box conference. Slides for my talk, "Taming the top 25 Most Dangerous Software Weaknesses", can be found here. For code samples I used my Bank of Insecurity repository, which is full of security weaknesses.
