ColdFusion Alive

020 Secrets of High-Security ColdFusion Code, With Pete Freitag



Pete Freitag talks about “Secrets of High-Security ColdFusion Code” in this episode of ColdFusion Alive Podcast with host Michaela Light.
Pete is the founder of Foundeo and the creator of FuseGuard and HackMyCF, and he is a ColdFusion security expert.
Show notes
  • Why should you care about security in your CF code?
  • What is the most common misconception about website security?
  • How long does it typically take between being hacked and discovering the hack?
  • How to get started securing your CF code
  • Are some versions of CF more secure than others and why?
  • Why the evaluate() and iif() functions may be the windows your hackers enter your site through
  • How File Uploads can let the bad guys in
  • Why storing API keys in your code is a terrible idea
  • ColdFusion Session hijacking
  • Isn’t it a bad idea to document security holes on the public web?
  • How does CF security compare to Ruby on Rails, PHP, Java and other programming languages?
  • What other ways do hackers get into CF servers?
      • IIS
      • SQL Server
      • Windows
      • Social engineering
  • What about modern SSL?
  • Tell us why someone should be using FuseGuard and HackMyCF
  • Why are you proud to use CF?
  • WWIT for you to make CF more alive this year?
  • What are you looking forward to at Into The Box?
Securing your large code bases from vulnerabilities can be an overwhelming and time-consuming task. Many developers don't know where to start, and never do. This session will arm you with an approach to slaying those legacy security vulnerabilities in your CFML code. You will also learn about several vulnerabilities and things to look out for as you develop new code.
Mentioned in this episode
FuseGuard
HackMyCF
HTTP vs HTTPS
Bio
Pete Freitag
Pete Freitag has well over a dozen years of experience building web applications with ColdFusion. In 2006 he started Foundeo Inc (foundeo.com), a ColdFusion consulting and products company. Pete helps clients develop and architect custom ColdFusion applications, as well as review and improve the performance and security of existing applications. He has also built several products and services for ColdFusion including a Web Application Firewall for ColdFusion called FuseGuard (fuseguard.com) and a ColdFusion server security scanning service called HackMyCF (hackmycf.com). Pete holds a BS in Software Engineering from Clarkson University.
Links
Foundeo
Twitter
Blog 
 
(* WWIT = What Would It Take)
Interview transcript
Michael:            Welcome back to the show. I'm here with Pete Frietag, or Freitag. How do you say your name Pete?
Pete:                  In German, I mean, it's Freitag, so probably if you want to go with that pronunciation, it'd be Freitag.
Michael:            Freitag. In America, we say ...
Pete:                  You say Freitag.
Michael:            Freitag. All right. He's the founder of Foundeo, that sounds very whatever, founder of Foundeo. He is a ColdFusion security expert. He's the creator of FuseGuard and HackMyCF. Not surprising to me, we're gonna be talking about secrets of high security ColdFusion code today on the CF Alive podcast. We're alive here at Into the Box, which is why we're on the same piece of video real estate here. Coming up in this episode, we're going to be looking at why you should even care about securing your ColdFusion code, and what the common misconception is about website security. How long does it typically take between a site being hacked and discovering the hack? How you should get started securing your CF code, and are some versions of ColdFusion more [inaudible 00:01:11] than others, and why is that the case.
ColdFusion Alive, by Michaela Light
