ColdFusion Security Training
Writing Secure CFML
A hands-on CFML / ColdFusion Security Training class for developers. Learn how to identify and fix security vulnerabilities in your ColdFusion / CFML applications.
When: Tuesday December 9, 2025 @ 11am-2pm & Wednesday December 10 @ 11am-2pm
(US Eastern Standard Time, UTC -5) - 6 hours in total.
Where: Online / Web Conference
Who: Taught by Pete Freitag
Cost: $800/student $600/student
🕊️ Early Bird Pricing, use code earlybird25
(Ends October 1st 2025)
The class will be recorded, so if you cannot attend it fully online you will have access to a recording.

Video recordings from a previous ColdFusion Security Training class for developers (held in December 2023) can be purchased.
What Students Are Saying...

-- Gavin Pickin
-- George Murphy


-- Nolan Erck
ColdFusion Security Training Course Outline
The course covers a wide range of vulnerabilities that CFML web developers should be aware of. For each vulnerability the students will learn about it, attempt to exploit it, and last but certainly not least fix or mitigate the vulnerability.
- Core Security Principles
- Proactive Coding Guidelines
- OWASP Top 10
- SQL Injection
- Remote Code Execution
- Path Traversals & File Path Vulnerabilities
- File Upload Vulnerabilities
- Cross Site Scripting
- Cross Site Request Forgery
- Session Hijacking
- Cookie Security
- Password Storage
- Authentication
- Authorization
- Content Security Policy
- Timing Attacks
- Scope Injection
- LDAP Injection
- XML Security Issues
- Security Tools: OWASP ZAP, Fixinator
- And more!
ColdFusion Server 2023 Lockdown Video
A video version of the ColdFusion 2023 Lockdown Guide
This two-hour video training series goes through the Lockdown and Installation of a ColdFusion 2023 Server on a Windows 2022 server with IIS. It follows sections 1 through 4 of the Lockdown Guide step by step, explaining each option / setting.
The ColdFusion lockdown video is narrated by Pete Freitag, the author of the ColdFusion 2023 Lockdown Guide, which was published by Adobe. You'll learn the motivation behind several of the suggestions in the ColdFusion Lockdown Guide directly from Pete.
Locking Down ColdFusion 2023 Video Outline
- Introduction
- Installing IIS on Windows 2022
- Set up Web Sites in IIS
- Installing ColdFusion 2023
- Running the ColdFusion Lockdown Installer
- Post Lockdown Installer
- Updating the Java Virtual Machine
- Disabling Unused ColdFusion Services
- ColdFusion Package Manager (CFPM)
- Configuring the ColdFusion Administrator
- Server Settings: Settings
- Server Settings: Request Tuning
- Server Settings: Caching
- Server Settings: Client Variables
- Server Settings: Memory Variables
- Server Settings: Mappings
- Server Settings: Mail
- Server Settings: Websockets & Charting
- Data & Services
- Debugging & Logging
- Event Gateways
- Security