ColdFusion Security Training
Writing Secure CFML
A hands-on CFML / ColdFusion Security Training class for developers. Learn how to identify and fix security vulnerabilities in your ColdFusion / CFML applications.
Live Online Training
We do not have a class scheduled right now, however you can signup to be notified when our next live online ColdFusion Security training class dates have been published.
On Demand Training
Video recordings from our previous ColdFusion Security Training class (held in December 2020) can be purchased.
Video recordings from our previous ColdFusion Security Training class (held in December 2020) can be purchased.
What Students Are Saying...
"Pete Freitag is the ultimate security expert for ColdFusion/CFMl, and this course should be required training for all ColdFusion developers. Whether you have used CFML for 20+ years, or if you are starting out, this course will give you valuable takeaways as it covers a comprehensive range of security issues, and solutions for those issues. I loved the format, hands on practical examples where you implement the solution. I cannot recommend this course highly enough."
-- Gavin Pickin
-- Gavin Pickin
"If you are a developer or manager
and you are looking to upgrade security knowledge and skills. Then you
must attend Pete Freitag's security or webinar classes. I attended his
class in Washington DC and when I returned I immediately put what I learned
to work to secure my application."
-- George Murphy
-- George Murphy
"Pete’s security workshop was the perfect amount of real-world scenarios to look out for, and quality information about how to prevent such issues. He covered everything from basic best practices like blocking SQL injection and cross-site scripting, to more esoteric yet equally important tricks! This is a quality workshop well worth your time — drink coffee first and takes lots of notes!"
-- Nolan Erck
-- Nolan Erck
ColdFusion Security Training Course Outline
The course covers a wide range of vulnerabilities that CFML web developers should be aware of. For each vulnerability the students will learn about it, attempt to exploit it, and last but certainly not least fix or mitigate the vulnerability.
- Core Security Principals
- Proactive Coding Guidelines
- OWASP Top 10
- SQL Injection
- Remote Code Execution
- Path Traversals & File Path Vulnerabilities
- File Upload Vulnerabilities
- Cross Site Scripting
- Cross Site Request Forgery
- Session Hijacking
- Cookie Security
- Password Storage
- Authentication
- Authorization
- Content Security Policy
- Timing Attacks
- Scope Injection
- LDAP Injection
- XML Security Issues
- Security Tools: OWASP Zap, Fixinator
- And more!