ColdFusion Security Resources

This morning I received an email from Nadia asking the following:

I do check your website and also the website for CF tips and info especially about security.
I am a Ph.D. student and am required to write a paper and try to submit it to the ACM Journal. I have had some experience with ColdFusion security fixes at my previous job at JSC-NASA. I am thinking of writing my paper about preventive measures in CF against security threats in regards to SQL Injection, XSS and maybe CSRF attacks, and recommended steps to mitigate these vulnerabilities.

I have two questions: I was wondering if you have links somewhere to these topics, like recent blogs or something. My other question would be: would there be more recent related CF security problems and fixes that I can write about?

This is a topic that comes up pretty often. There is an official Adobe ColdFusion Security page: It’s pretty bare, but it has the damn good lockdown guide by Pete Freitag. This PDF is more server related than code related, but I’d consider it required reading for any ColdFusion installation.

You mentioned I assume you mean which is Jason Dean’s blog. You can find his security category here:

Pete Freitag (author of the lockdown guide above) also has a security category for his blog:

Finally, I’d also mention UGTV – here is a search page for security:

Hopefully this is enough to get you started. Readers – please feel free to add more links.