<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=113894&amp;fmt=gif">

SECURITY INFLUENCERS BLOG

Security influencers provide real-world insight and “in-the-trenches” experiences on topics ranging from application security to DevOps and risk management

ColdFusion and Application Security

ColdFusion Logo Adobe Macromedia

Contrast Now Supports Securing ColdFusion!
Even before adding support for .NET, the Contrast team had planned to support ColdFusion. Let's go through our preferred customer checklist:

  • Smart community: Check.
  • Enterprise developers: Check.
  • Security aware: Check.
  • Not a lot of great options for security automation: Check.
  • Runs on the JVM: Check.

We knew it was a great fit. But when we set out to support ColdFusion, we considered something that others didn't.

Our research has shown that most of the breaches in ColdFusion apps were actually due to vulnerabilities in the ColdFusion platform, and not necessarily from mistakes made in the custom code that developers write.

So in designing our ColdFusion agent, we went in with the attitude that finding vulnerabilities inside of the ColdFusion platform *and* inside of ColdFusion custom applications were both necessary. When we run our Contrast agent on a fresh, out-of-the-box ColdFusion 9 app, you'll see that Contrast tells us we should quickly install several hotfixes.

Screen_Shot_2014-04-25_at_10.58.24_AM

We knew that static tools have never really had great support for ColdFusion. Some companies are scanning ColdFusion code, but they can't detect vulnerabilities in your ColdFusion platform itself because they don't have access to it! Contrast has a history of detecting vulnerabilities regardless of whether or not you own the code yourself - because you own the risk, regardless of who owns the code.

We're ready to help! We've completed our first round of beta testing, and we have a challenge for any ColdFusion developer wondering about their application security: Contact us to learn more!

Arshan Dabirsiaghi, Co-Founder, Chief Scientist

Arshan Dabirsiaghi, Co-Founder, Chief Scientist

Arshan is an accomplished security researcher with 10+ years of experience advising large organizations about application security. Arshan has released popular application security tools, including AntiSamy and JavaSnoop.

SUBSCRIBE TO THE BLOG

Learn how to unify security strategy across & development operations. See how to set up a CAS program with only eight activities!

Download the Handbook