Foundeo releases ColdFusion Web Application Firewall


Got an email a few minutes ago from Foundeo announcing their new firewall product written completely in ColdFusion. Stealing a bit from their email to me, features include:

  • Cross Site Scripting / XSS
  • SQL Injection
  • Session Hijacking
  • Cross Site Request Forgery
  • CRLF Injection
  • Path Traversal Attacks
  • Password Dictionary Attacks
  • Extensible CFC API for writing your own Filters and Loggers
  • Configure it in a language you already know - CFML!
  • Runs on most shared hosting accounts
  • Runs and Tested on ColdFusion 6.1+, OpenBD 1+, Railo 3+

Seems pretty impressive. I haven't used it myself, but if anyone wants to review it in the comments below, I'd love to hear more.


About Raymond Camden

Raymond is a senior developer evangelist for Adobe. He focuses on document services, JavaScript, and enterprise cat demos.

Lafayette, LA https://www.raymondcamden.com

Archived Comments

Comment 1 by Pete Freitag posted on 4/2/2009 at 9:34 PM

Thanks for posting this Ray. I will be happy to answer any questions that anyone has.

Comment 2 by Amy posted on 4/2/2009 at 9:39 PM

Perhaps a bit more description on features. I see some that are above and beyond http://portcullis.riaforge.... however more detail would be helpful.

Comment 3 by Pete Freitag posted on 4/2/2009 at 9:44 PM

@Amy I am working on getting more descriptive content on the web site. I will post a comment when I have that ready. In the meantime you can download the evaluation copy which includes more documentation. Thanks.

Comment 4 by Chris Amaro posted on 4/3/2009 at 12:10 AM

Looks awesome. Can't wait to try it.

Comment 5 by Jeremy Prevost posted on 4/3/2009 at 2:04 AM

@Amy: Yeah, I was thinking Portcullis myself when I read the description the other day.

Comment 6 by DanaK posted on 4/4/2009 at 7:41 PM

Pete,
Was there any thought given to an unencrypted version of the product within certain constraints? I completely understand why it is the way it is, just given the nature of our work we could never even try it out in production.

Comment 7 by Pete Freitag posted on 4/4/2009 at 7:43 PM

@Dana only the trial version is encrypted, the regular versions are not encrypted.

Comment 8 by DanaK posted on 4/6/2009 at 8:43 PM

Good to know, thanks Pete!