Jan 23
Keeping your ColdFusion server patched and up to date can be a bit of a challenge. Adobe do not have any kind of automated update service or even a notification service and their RSS feeds are not exactly up to date or reliable either.
There are, however, some useful resources out there that can make life easier.
As far as actually applying patches and updates goes, if you do not read Adobe's install notes and guides then you can easily miss an important manual step and leave your server vulnerable.
ColdFusion veteran Charlie Arehart has recently published a great blog post covering all the bases and explaining which updates or hotfixes also require manual steps and what to watch for.
Easier updates and management
For an easier way to manage your ColdFusion server and find out whether all your updates are installed, try Merlin Manager. Merlin is an AIR-based management and monitoring system for ColdFusion 7, 8 and 9 servers.
Merlin has several unique features:
- Works with CF 7, 8, 9 Servers
- Easy to use AIR based Interface
- Save and restore configurations
- Compare server settings
- Monitoring for CF 8 and 9 servers
- Updates and Patches
Do you perform any kind of vulnerability testing on your site to make sure it is hack proof? If the answer is no then your site may be vulnerable to any number of attacks or may have already been hacked. Thankfully there are tools to make this easier too.
ColdFusion Server Security Scanner: HackMyCF
Have you ever wondered what your ColdFusion server looks like to a hacker? Try ColdFusion Server Security Scanner: HackMyCF, which sends you an email report listing vulnerabilities found on your server. Run manual scans for FREE or subscribe to their automated service.
FuseGuard Web Application Firewall for ColdFusion
The FuseGuard Web Application Firewall (WAF) for ColdFusion blocks and logs malicious requests on your ColdFusion applications. Pricing starts at $349 per application, or it is available as a monthly subscription from BlueThunder. We will also install FuseGuard into your existing application for you and perform general security analysis and updates to your code if you do not have the skills to do it yourself. Please contact us for more details.
The firewall comes with over 15 filters to help protect against vulnerabilities such as:
- Malicious File Uploads
- Cross Site Scripting / XSS
- SQL Injection
- Session Hijacking
- Cross Site Request Forgery
- CRLF Injection
- Path Traversal Attacks
- Password Dictionary Attacks