Description

The only way to stop a hacker is to think like one! ColdFusion is a Web application development tool that allows programmers to quickly build robust applications using a server-side markup language. It is incredibly popular and has both an established user base and a quickly growing number of new adoptions. It has become the development environment of choice for e-commerce sites and content sites where databases and transactions are the most vulnerable and where security is of the utmost importance. Several security concerns exist for ColdFusion due to its unique approach of designing pages using dynamic-page templates rather than static HTML documents. Because ColdFusion does not require that developers have expertise in Visual Basic, Java, and C++, Web applications created using ColdFusion Markup Language are vulnerable to a variety of security breaches. Hack Proofing ColdFusion 5.0 is the seventh edition in the popular Hack Proofing series and provides developers with step-by-step instructions for developing secure Web applications.

Key Features

· Teaches strategy and techniques: Using forensics-based analysis, this book gives the reader insight into the mind of a hacker
· Interest in topic continues to grow: Network architects, engineers and administrators are scrambling for security books to help them protect their new networks and applications powered by ColdFusion
· Unrivalled Web-based support: Up-to-the-minute links, white papers and analysis for two years at solutions@syngress.com

Table of Contents


Foreword

Chapter 1 Thinking Like a Hacker

Introduction

Understanding the Terms

A Brief History of Hacking

Why Should I Think Like a Hacker?

Mitigating Attack Risk in Your ColdFusion Applications

Validating Page Input

Functionality with Custom Tags and CFMODULE

The Top ColdFusion Application Hacks

Form Field Manipulation

URL Parameter Tampering

CFFILE, CFPOP, and CFFTP Tag Misuse

ColdFusion RDS Compromise

Understanding Hacker Attacks

Denial of Service

Virus Hacking

Preventing “Break-ins” by Thinking Like a Hacker

Development Team Guidelines

QA Team Guidelines

IT Team Guidelines

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 2 Securing Your ColdFusion Development

Introduction

Session Tracking

CFID and CFTOKEN Issues

Error Handling

Verifying Data Types

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 3 Securing Your ColdFusion Tags

Introduction

Identifying the Most Dangerous ColdFusion Tags

Properly (and Improperly) Using Dangerous Tags

Using the Tag

Using the Tag

Using the Tag

Using the Tag

Using the Tag

Using the Tag

Using the Tag

Using the Tag

Using the Tag

Using the Tag

Details

No. of pages: 512
Language: English
Copyright: © 2002
Published:
Imprint: Syngress
Print ISBN: 9781928994770
Electronic ISBN: 9780080478098