ColdFusion Security Training
Writing Secure CFML
Live Online Training
We do not have a class scheduled right now; however, you can sign up to be notified when the dates for our next live online ColdFusion Security training class have been published.
On Demand Training
Video recordings from a previous ColdFusion Security Training class for developers (held in December 2023) can be purchased.
What Students Are Saying...
"Pete Freitag is the ultimate security expert for ColdFusion/CFML, and this course should be required training for all ColdFusion developers. Whether you have used CFML for 20+ years, or if you are starting out, this course will give you valuable takeaways as it covers a comprehensive range of security issues, and solutions for those issues. I loved the format, hands-on practical examples where you implement the solution. I cannot recommend this course highly enough."
-- Gavin Pickin
"If you are a developer or manager and you are looking to upgrade security knowledge and skills, then you must attend Pete Freitag's security or webinar classes. I attended his class in Washington DC and when I returned I immediately put what I learned to work to secure my application."
-- George Murphy
"Pete’s security workshop was the perfect amount of real-world scenarios to look out for, and quality information about how to prevent such issues. He covered everything from basic best practices like blocking SQL injection and cross-site scripting, to more esoteric yet equally important tricks! This is a quality workshop well worth your time — drink coffee first and take lots of notes!"
-- Nolan Erck
ColdFusion Security Training Course Outline
The course covers a wide range of vulnerabilities that CFML web developers should be aware of. For each vulnerability, the students will learn about it, attempt to exploit it, and last but certainly not least, fix or mitigate the vulnerability.
- Core Security Principles
- Proactive Coding Guidelines
- OWASP Top 10
- SQL Injection
- Remote Code Execution
- Path Traversals & File Path Vulnerabilities
- File Upload Vulnerabilities
- Cross Site Scripting
- Cross Site Request Forgery
- Session Hijacking
- Cookie Security
- Password Storage
- Authentication
- Authorization
- Content Security Policy
- Timing Attacks
- Scope Injection
- LDAP Injection
- XML Security Issues
- Security Tools: OWASP ZAP, Fixinator
- And more!
ColdFusion Server 2023 Lockdown Video
A video version of the ColdFusion 2023 Lockdown Guide
This two-hour video training series goes through the Lockdown and Installation of a ColdFusion 2023 Server on a Windows 2022 server with IIS. It follows sections 1 through 4 of the Lockdown Guide step by step, explaining each option / setting.
The ColdFusion lockdown video is narrated by Pete Freitag, the author of the ColdFusion 2023 Lockdown Guide which was published by Adobe. You'll learn the motivation behind several of the suggestions in the ColdFusion Lockdown Guide directly from Pete.
Locking Down ColdFusion 2023 Video Outline
- Introduction
- Installing IIS on Windows 2022
- Set up Web Sites in IIS
- Installing ColdFusion 2023
- Running the ColdFusion Lockdown Installer
- Post Lockdown Installer
- Updating the Java Virtual Machine
- Disabling Unused ColdFusion Services
- ColdFusion Package Manager (CFPM)
- Configuring the ColdFusion Administrator
- Server Settings: Settings
- Server Settings: Request Tuning
- Server Settings: Caching
- Server Settings: Client Variables
- Server Settings: Memory Variables
- Server Settings: Mappings
- Server Settings: Mail
- Server Settings: Websockets & Charting
- Data & Services
- Debugging & Logging
- Event Gateways
- Security