Limit Display to Recordings of
<= 1
<= 5
<= 10
<= 30
<= 60
any
minutes duration
( 1 2 3 4 5 ) Next »
Search (within title, desc, presenter, URL):
Clear Search
44 recordings found with reference to security
Title Presenter Duration (h:mm) Date Posted Date Recorded
Submitter
CF Online Summit 2022: Below the surface: web vulnerabilities hiding in your applications (View video , Show Description )Congratulations! You've patched your servers, fixed all of your XSS, cfqueryparam'd away your SQL injections, federated your authentication, and all of your forms check CSRF tokens. But after you've covered the basics, what may still be lurking out there in your applications? This talk will look at a few vulnerability classes that are sometimes missed and how they relate to ColdFusion applications. Examples will include Server Side Request Forgery, cryptographic attacks, and more. My goal for this talk is to raise awareness about what may be some application security blindspots for some ColdFusion developers.
Brian Reilly
0:57 2023-01-25 2022-12-09 charlie arehart
CF Online Summit 2022: A Sneak Peek into ColdFusion Builder on VSCode (View video , Show Description )In the session, Nikhil Dubey will be talking about the newly released VSCode Extension for CFML and how it makes CFML developers' life easier. Starting briefly with some usage statistics and overview of plugin architecture, the talk will be throwing light on the value-adding features like code assist, code completion, formatting, navigation, etc. that the plugin offers. Unique features exclusive with Adobe plugin like RDS, Security Analyzer, Server Manager, Project Manager along with their utilities will be discussed in some details. A small demo will follow. Takeaways - Developers will be aware of various features available to make development effort smooth. They will also have an overall picture of how the extension is working internally.
Nikhil Dubey
1:11 2022-11-29 2022-11-18 Charlie Arehart
CF Summit 2021: Building the Next Generation of Secure Developers (View video , Show Description )As companies migrate to more resilient cloud infrastructures, threat actors continue to turn their attention to the application landscape as the new entry point for compromising systems.
Despite cyberattacks happening at a pace of every 39 seconds, only 3% of U.S. bachelor's degree graduates have cybersecurity-related skills. While several factors play into this, the most glaring is that faculty just don't know about the security field, leading to gaps between academia and industry. Unfortunately, the gap has gotten wider due to constant changes and growing toolchains in software development.
This is compounded by a consistent lack of employee training in secure coding principles and how it applies to the software development life cycle, causing new entrants into software development to be ill-prepared to build secure systems.
This session delved into:
- The growing security challenges developers face today - The current perceptions of “security” within the developer community - The need for secure coding education at the university level - Opportunities for learning secure coding in educational and corporate environments
Rey Bango
2022-02-25 2021-12-08 Charlie Arehart
CF Summit 2021: Tackling ColdFusion Security (View video , Show Description )Security can be a thorny and intimidating topic. Where do you start and what should you prioritize? In this talk, we had aim to set you on a path to improving the security of your ColdFusion Applications.
Pete Freitag
2022-02-25 2021-12-07 Charlie Arehart
CFMeetup: Avoiding Server-Side Request Forgery (SSRF) Vulns in CFML (View video , Show Description )Server-Side Request Forgery (SSRF) vulnerabilities allow an attacker to make arbitrary web requests (and in some cases, other protocols too) from the application environment. Exploiting these flaws can lead to leaking sensitive data, accessing internal resources, and under certain circumstances, remote command execution.
Several ColdFusion/CFML tags and functions can process URLs as file path arguments -- including some tags and and functions that you might not expect. If these tags and functions process unvalidated user-controlled input, this can lead to SSRF vulnerabilities in your applications. In addition to providing a list of affected tags and functions, I'll cover some approaches for identifying and remediating vulnerable code. My goal for this talk is to raise awareness about what may be a security blindspot for some ColdFusion/CFML developers.
Brian Reilly
1:00 2022-07-07 2021-11-11 charlie arehart
ColdFusion at 25: not the kid most have stuck in their minds (View video , Show Description )As ColdFusion turns 26 next month, many seem stuck remembering it only as the "teen" they knew or even the "child", when instead it's grown up to be a capable "adult", impressive in many ways, and even more so recently. In this session, we'll look back at how CF has indeed evolved into a very capable platform, with quite modern features that seem to surprise many--including people working with it currently. If you struggle "finding CF people" or "getting buy-in", perhaps these observations could help you with both challenges. If nothing else, they're things designed simply to help you get your job done, while keeping up with modern practices.
We'll start with many modern coding techniques--which will be familiar to those using more "modern" languages but that many don't realize CF supports, and may have for years. We'll then look at ways things such as CF installation/deployment, configuration/administration, monitoring, security, and more have improved over the years. And we'll look not only at CF itself but the community surrounding it, ranging from resources for help and learning to tools and services that others have created, making CF a far more complete ecosystem than most give it credit. Put another way: it's not your father's CF!
Charlie Arehart
1:04 2021-07-15 2021-06-22 charlie arehart
API's Part 5: Security and How to Protect Your Organization (View video , Show Description )Get a detailed look at Adobe ColdFusion's security standards, with respect to your APIs and the API Manager. Learn about OAuth, along with the configuration of user stores, to secure your organization's services. (Part 5 was originally to be another session, to be held the day before, "Policy Management and Access Controls", but it had to be postponed.)
Brian Sappey
0:53 2021-06-10 2021-05-13 charlie arehart
CFMeetup: Securing a ColdFusion Application with Fixinator & FuseGuard (View video , Show Description )In this session we'll take a look at a ColdFusion application that is vulnerable to several security issues. We'll look at some of the security holes in the application, how they can be exploited. Finally we'll use FuseGuard to protect the application, and Fixinator to find and fix some of the vulnerabilities in the application.
Pete Freitag
1:05 2021-01-28 2021-01-28 charlie arehart
CFMeetup: CF AMA: Ask Me Anything (View video , Show Description )Join us for another CF "Ask Me Anything" session, with your host Charlie Arehart and recent co-organizer Dan Wilson. We'll open the floor to any sort of CF-related questions you may have, whether about coding challenges or using CF features (on the newest or older versions), configuration or tuning, deployment, security, the future and state of CF, whatever.
You can offer questions in advance if you like, using this form:
https://docs.google.com/forms/d/e/1FAIpQLSenOp4GULwLA6q8UDIvhgXjAymSr2jM3zfSDEfFXu7yUVMhxw/viewform
Of course, some topics tend to generate more heat than light, so we hope folks will ask questions that may not be merely points of debate (preferences, disappointments, laments). And since we're not Adobe and don't speak for them, there are some topics where we won't be able to offer information that isn't publicly known. Still, there are many questions asked in the community (in various places) every day, so there are plenty of good questions. Of course, we can even talk about, "where are good places to ask CF questions?"! :-)
You bring 'em, we'll wing 'em. We'll even let others hop on to speak/share video/screen, if they feel they have a question or answer that would be better spoken than written in the chat.
Charlie Arehart and Dan Wilson
1:02 2021-01-16 2021-01-14 Charlie Arehart
CFMeetup: CF AMA: Ask Me Anything (View video , Show Description )Join us for our first "Ask Me Anything" session, with your host Charlie Arehart and recent co-organizer Dan Wilson. We'll open the floor to any sort of CF-related questions you may have, whether about coding challenges or using CF features, configuration or tuning, deployment, security, the upcoming new CF version, recent CF versions, the future and state of CF, whatever.
Of course, some topics tend to generate more heat than light, so we hope folks will ask questions that may not be merely points of debate (preferences, disappointments, laments). And since we're not Adobe and don't speak for them, there are some topics where we won't be able to offer information that isn't publicly known. Still, there are many questions asked in the community (in various places) every day, so there are plenty of good questions. Of course, we can even talk about, "where are good places to ask CF questions?"! :-)
You bring 'em, we'll wing 'em. We'll even let others hop on to speak/share video/screen, if they feel they have a question or answer that would be better spoken than written in the chat.
Charlie Arehart and Dan Wilson
1:15 2020-11-04 2020-10-22 Charlie Arehart
( 1 2 3 4 5 ) Next »
Show how many results?:
You can bookmark this search as http://www.carehart.org/ugtv/list.cfm?search=security
or track the search results using RSS:
RSS Feed of 10 latest presentations referring to: security -- (Validate RSS feed )
RSS Feed:
RSS Feed of 10 latest added presentations
Receive an email newsletter of newest entries: via Feedblitz