Hack proofing ColdFusion

Author: Greg Meyer; Steven Casco
Publisher: Rockland, MA : Syngress, ©2002.
Edition/Format: eBook : Document : English
Summary:
The only way to stop a hacker is to think like one! ColdFusion is a Web application development tool that allows programmers to quickly build robust applications using server-side markup language. It is incredibly popular and has both an established user base and a quickly growing number of new adoptions. It has become the development environment of choice for e-commerce sites and content sites where databases and transactions are the most vulnerable and where security is of the utmost importance.
Details

Genre/Form: Electronic books
Additional Physical Format: Print version:
Hack proofing ColdFusion.
Rockland, MA : Syngress, ©2002
(OCoLC)48754905
Material Type: Document, Internet resource
Document Type: Internet Resource, Computer File
All Authors / Contributors: Greg Meyer; Steven Casco
ISBN: 1932266224 9781932266221 9781928994770 1928994776
OCLC Number: 51563683
Notes: Includes index.
Description: 1 online resource (xxiv, 515 pages) : illustrations
Contents:
Foreword
Chapter 1 Thinking Like a Hacker Introduction Understanding the Terms A Brief History of Hacking Why Should I Think Like a Hacker? Mitigating Attack Risk in Your ColdFusion Applications Validating Page Input Functionality with Custom Tags and CFMODULE The Top ColdFusion Application Hacks Form Field Manipulation URL Parameter Tampering CFFILE, CFPOP, and CFFTP Tag Misuse ColdFusion RDS Compromise Understanding Hacker Attacks Denial of Service Virus Hacking Preventing "Break-ins" by Thinking Like a Hacker Development Team Guidelines QA Team Guidelines IT Team Guidelines Summary Solutions Fast Track Frequently Asked Questions
Chapter 2 Securing Your ColdFusion Development Introduction Session Tracking CFID and CFTOKEN Issues Error Handling Verifying Data Types Summary Solutions Fast Track Frequently Asked Questions
Chapter 3 Securing Your ColdFusion Tags Introduction Identifying the Most Dangerous ColdFusion Tags Properly (and Improperly) Using Dangerous Tags Using the Tag Using the Tag Using the Tag Using the Tag Using the Tag Using the Tag Using the Tag Using the Tag Using the Tag Using the Tag Using the connectstring Attribute Using the dbtype=dynamic Attribute Knowing When and Why You Should Turn Off These Tags Controlling Threading within Dangerous Tags Working with Other Dangerous and Undocumented Tags Using the GetProfileString() and ReadProfileString() Functions Using the GetTempDirectory() Function Using the GetTempFile() Function Using the Tag Using the CF_SetDataSourceUsername(), CF_GetDataSourceUsername(), CF_SetDataSourcePassword(), CF_SetODBCINI(), and CF_GetODBCINI() Functions Using the CF_GetODBCDSN() Function Using the CFusion_Encrypt() and CFusion_Decrypt() Functions Summary Solutions Fast Track Frequently Asked Questions
Chapter 4 Securing Your ColdFusion Applications Introduction Cross-Site Scripting URL Hacking Validating Browser Input Malformed Input Validating Consistently from the "Hit List" Using Using Using and Using (or Not Using) Using Web-Based File Upload Issues Techniques to Protect Your Application when Accepting File Uploads URL Session Variables Session ID Summary Solutions Fast Track Frequently Asked Questions
Chapter 5 The ColdFusion Development System Introduction Understanding the ColdFusion Application Server Thread Pooling Custom Memory Management Page-based Applications JIT Compiler Database Connection Manager Scheduling Engine Indexing Engine Distributed Objects Understanding ColdFusion Studio Setting Up FTP and RDS Servers Thinking of ColdFusion as Part of a System Securing Everything to Which ColdFusion Talks Summary Solutions Fast Track Frequently Asked Questions
Chapter 6 Configuring ColdFusion Server Security Introduction Setting Up the ColdFusion Server Using "Basic Security" Employing Encryption under the Basic Security Setup Authentication under the Basic Security Setup Customizing Access Control under the Basic Security Setup Accessing Server Administration under the Basic Security Setup Setting Up the ColdFusion Server Using "Advanced Security" Employing Encryption under the Advanced Security Setup Authentication under the Advanced Security Setup Customizing Access Control under the Advanced Security Setup Performance Considerations When Using Basic or Advanced Security Caching Advanced Security Information File and Data Source Access Summary Solutions Fast Track Frequently Asked Questions
Chapter 7 Securing the ColdFusion Server after Installation Introduction What to Do with the Sample Applications Reducing Uncontrolled Access Choosing to Enable or Disable the RDS Server Limiting Access to the RDS Server Securing Remote Resources for ColdFusion Studio Creating a Security Context Debug Display Restrictions Using the mode=debug Parameter Microsoft Security Tool Kit MS Strategic Technology Protection Program Summary Solutions Fast Track Frequently Asked Questions
Chapter 8 Securing Windows and IIS Introduction Security Overview on Windows, IIS, and Microsoft Securing Windows 2000 Server Avoiding Service Pack Problems with ColdFusion Using Windows Services ("Use Only What You Need") Working with Users and Groups Understanding Default File System and Registry Permissions Securing the Registry Other Useful Considerations for Securing the Registry and SAM Installing Internet Information Services 5.0 Removing the Default IIS 5.0 Installation Creating an Answer File for the New IIS Installation Securing Internet Information Services 5.0 Setting Web Site, FTP Site, and Folder Permissions Restricting Access through IP Address and Domain Name Blocking Configuring Authentication Examining the IIS Security Tools Using the Hotfix Checker Tool Using the IIS Security Planning Tool Using the Windows 2000 Internet Server Security Configuration Tool for IIS 5.0 Auditing IIS Summary Solutions Fast Track Frequently Asked Questions
Chapter 9 Securing Solaris, Linux, and Apache Introduction Solaris Solutions Overview of the Solaris OS Understanding Solaris Patches Securing Default Solaris Services Security Issues for Solaris 2.6 and Later Other Useful Considerations in Securing Your Solaris Installation Linux Solutions Understanding Linux Installation Considerations Selecting Packages for Your Linux Installation Hardening Linux Services Securing Your Suid Applications Understanding Sudo System Requirements Learning More About the Sudo Command Downloading Sudo Installing Sudo Configuring Sudo Running Sudo Running Sudo with No Password Logging Information with Sudo Other Useful Considerations to Securing Your Linux Installation Apache Solutions Configuring Apache on Solaris and Linux Configuring Apache Modules Choosing Apache SSL Summary Solutions Fast Track Frequently Asked Questions
Chapter 10 Database Security Introduction Database Authentication and Authorization Authentication Authorization Database Security and ColdFusion Dynamic SQL Leveraging Database Security Microsoft SQL Server Microsoft Access Oracle Summary Solutions Fast Track Frequently Asked Questions
Chapter 11 Securing Your ColdFusion Applications Using Third-Party Tools Introduction Firewalls Testing Firewalls DNS Tricks Port Scanning Tools Detecting Port Scanning Best Practices Install Patches Know What's Running Default Installs Change Passwords and Keys Backup, Backup, Backup Firewalls Summary Solutions Fast Track Frequently Asked Questions
Chapter 12 Security Features in ColdFusion MX Introduction Who's Responsible for Security? A Look at Security in ColdFusion MX New and Improved Tools New Tags Summary Solutions Fast Track Frequently Asked Questions
Index
Responsibility: Greg Meyer [and others] ; Steven Casco, technical editor.

Abstract:

"Hack Proofing ColdFusion 5.0" is the seventh volume in the popular Hack Proofing series and is the only book specifically written for developers devoted to protecting their ColdFusion Web …

Linked Data


Primary Entity

<http://www.worldcat.org/oclc/51563683> # Hack proofing ColdFusion
    a schema:CreativeWork, schema:Book, schema:MediaObject ;
    library:oclcnum "51563683" ;
    library:placeOfPublication <http://id.loc.gov/vocabulary/countries/mau> ;
    library:placeOfPublication <http://experiment.worldcat.org/entity/work/data/1037887555#Place/rockland_ma> ; # Rockland, MA
    schema:about <http://experiment.worldcat.org/entity/work/data/1037887555#Topic/computers_networking_security> ; # COMPUTERS--Networking--Security
    schema:about <http://id.worldcat.org/fast/1388014> ; # ColdFusion.
    schema:about <http://experiment.worldcat.org/entity/work/data/1037887555#CreativeWork/coldfusion> ; # ColdFusion.
    schema:about <http://id.worldcat.org/fast/872484> ; # Computer security
    schema:about <http://experiment.worldcat.org/entity/work/data/1037887555#Topic/computers_security_general> ; # COMPUTERS--Security--General
    schema:about <http://dewey.info/class/005.8/e21/> ;
    schema:about <http://id.loc.gov/authorities/subjects/sh94001277> ; # Computer networks--Security measures
    schema:about <http://id.worldcat.org/fast/872341> ; # Computer networks--Security measures
    schema:about <http://experiment.worldcat.org/entity/work/data/1037887555#Topic/computers_internet_security> ; # COMPUTERS--Internet--Security
    schema:bookFormat schema:EBook ;
    schema:contributor <http://experiment.worldcat.org/entity/work/data/1037887555#Person/meyer_greg> ; # Greg Meyer
    schema:contributor <http://viaf.org/viaf/58590134> ; # Steven Casco
    schema:copyrightYear "2002" ;
    schema:datePublished "2002" ;
    schema:description "The only way to stop a hacker is to think like one! ColdFusion is a Web application development tool that allows programmers to quickly build robust applications using server-side markup language. It is incredibly popular and has both an established user base and a quickly growing number of new adoptions. It has become the development environment of choice for e-commerce sites and content sites where databases and transactions are the most vulnerable and where security is of the utmost importance. Several security concerns exist for ColdFusion due to its unique approach of designing pages using dynamic-page templates rather than static HTML documents. Because ColdFusion does not require that developers have expertise in Visual Basic, Java and C++; Web applications created using ColdFusion Markup language are vulnerable to a variety of security breaches. Hack Proofing ColdFusion 5.0 is the seventh edition in the popular Hack Proofing series and provides developers with step-by-step instructions for developing secure web applications. Teaches strategy and techniques: Using forensics-based analysis this book gives the reader insight to the mind of a hacker Interest in topic continues to grow: Network architects, engineers and administrators are scrambling for security books to help them protect their new networks and applications powered by ColdFusion Unrivalled Web-based support: Up-to-the minute links, white papers and analysis for two years at solutions@syngress.com."@en ;
    schema:exampleOfWork <http://worldcat.org/entity/work/id/1037887555> ;
    schema:genre "Electronic books"@en ;
    schema:inLanguage "en" ;
    schema:isSimilarTo <http://www.worldcat.org/oclc/48754905> ;
    schema:name "Hack proofing ColdFusion"@en ;
    schema:productID "51563683" ;
    schema:publication <http://www.worldcat.org/title/-/oclc/51563683#PublicationEvent/rockland_ma_syngress_2002> ;
    schema:publisher <http://experiment.worldcat.org/entity/work/data/1037887555#Agent/syngress> ; # Syngress
    schema:url <http://www.books24x7.com/marc.asp?bookid=3264> ;
    schema:url <http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=75909> ;
    schema:url <http://www.books24x7.com/marc.asp?isbn=1928994776> ;
    schema:url <http://www.sciencedirect.com/science/book/9781928994770> ;
    schema:url <http://public.ebookcentral.proquest.com/choice/publicfullrecord.aspx?p=294151> ;
    schema:url <http://site.ebrary.com/id/10007015> ;
    schema:url <http://swbplus.bsz-bw.de/bsz40531387xcov.htm> ;
    schema:url <http://www.engineeringvillage.com/controller/servlet/OpenURL?genre=book&isbn=9781928994770> ;
    schema:workExample <http://worldcat.org/isbn/9781932266221> ;
    schema:workExample <http://worldcat.org/isbn/9781928994770> ;
    wdrs:describedby <http://www.worldcat.org/title/-/oclc/51563683> ;
    .


Related Entities

<http://experiment.worldcat.org/entity/work/data/1037887555#Person/meyer_greg> # Greg Meyer
    a schema:Person ;
    schema:familyName "Meyer" ;
    schema:givenName "Greg" ;
    schema:name "Greg Meyer" ;
    .

<http://experiment.worldcat.org/entity/work/data/1037887555#Topic/computers_internet_security> # COMPUTERS--Internet--Security
    a schema:Intangible ;
    schema:name "COMPUTERS--Internet--Security"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/1037887555#Topic/computers_networking_security> # COMPUTERS--Networking--Security
    a schema:Intangible ;
    schema:name "COMPUTERS--Networking--Security"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/1037887555#Topic/computers_security_general> # COMPUTERS--Security--General
    a schema:Intangible ;
    schema:name "COMPUTERS--Security--General"@en ;
    .

<http://id.loc.gov/authorities/subjects/sh94001277> # Computer networks--Security measures
    a schema:Intangible ;
    schema:name "Computer networks--Security measures"@en ;
    .

<http://id.worldcat.org/fast/1388014> # ColdFusion.
    a schema:CreativeWork ;
    schema:name "ColdFusion." ;
    .

<http://id.worldcat.org/fast/872341> # Computer networks--Security measures
    a schema:Intangible ;
    schema:name "Computer networks--Security measures"@en ;
    .

<http://id.worldcat.org/fast/872484> # Computer security
    a schema:Intangible ;
    schema:name "Computer security"@en ;
    .

<http://viaf.org/viaf/58590134> # Steven Casco
    a schema:Person ;
    schema:familyName "Casco" ;
    schema:givenName "Steven" ;
    schema:name "Steven Casco" ;
    .

<http://worldcat.org/isbn/9781928994770>
    a schema:ProductModel ;
    schema:isbn "1928994776" ;
    schema:isbn "9781928994770" ;
    .

<http://worldcat.org/isbn/9781932266221>
    a schema:ProductModel ;
    schema:isbn "1932266224" ;
    schema:isbn "9781932266221" ;
    .

<http://www.engineeringvillage.com/controller/servlet/OpenURL?genre=book&isbn=9781928994770>
    rdfs:comment "An electronic book accessible through the World Wide Web; click for information" ;
    .

<http://www.worldcat.org/oclc/48754905>
    a schema:CreativeWork ;
    rdfs:label "Hack proofing ColdFusion." ;
    schema:description "Print version:" ;
    schema:isSimilarTo <http://www.worldcat.org/oclc/51563683> ; # Hack proofing ColdFusion
    .

