Looking for suggestions on security training for C...
# adobe
g
Looking for suggestions on security training for CF development / OWASP TOP 10, etc
j
https://foundeo.com/ Pete is like a security ninja 🙂
s
Foundeo offers security training classes if you are looking for something formal: https://foundeo.com/consulting/coldfusion/security-training/ I personally just read the OWASP docs and figured out the CF equivalents...using cfqueryparam, not using iif() or evaluate(), using the EncodeForHTML() (and other encodeFor functions), etc
Not CF specific per se, but I would also make sure you are looking into CORS https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS and that you are setting access control headers to prevent unauthorized scripts from running on your application if something does get past your security and starts adding some skimming script to your code to capture data and send it to a 3rd party. I have dealt with several issues for clients over the last couple years where setting those helped.