- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Web Application Security, with a Focus on ColdFusion
- Abstract
- Security is often overlooked in web application development. Web applications must be secured 'in depth' because they are dependent on the hardware, the OS, the web server, the database, the scripting language, and finally the application code. Although web application security is not product specific we will focus on the last two layers using ColdFusion (CF) and the code. This paper covers default installation, two-step attacks, remote development, and security holes in the code, input encryption, which are the major issues in most web applications.