Hack Proofing ColdFusion

By: Syngress

Write A Review

Paperback | 1 January 2002

At a Glance

Paperback
512 Pages

Dimensions(cm)
23.5 x 19.05 x 3.18

Paperback

$121.75

or 4 interest-free payments of $30.44 with

Ships in 15 to 25 business days

The only way to stop a hacker is to think like one!

ColdFusion is a Web application development tool that allows programmers to quickly build robust applications using server-side markup language. It is incredibly popular and has both an established user base and a quickly growing number of new adoptions. It has become the development environment of choice for e-commerce sites and content sites where databases and transactions are the most vulnerable and where security is of the utmost importance. Several security concerns exist for ColdFusion due to its unique approach of designing pages using dynamic-page templates rather than static HTML documents. Because ColdFusion does not require that developers have expertise in Visual Basic, Java and C++; Web applications created using ColdFusion Markup language are vulnerable to a variety of security breaches.

Hack Proofing ColdFusion 5.0 is the seventh edition in the popular Hack Proofing series and provides developers with step-by-step instructions for developing secure web applications.

Teaches strategy and techniques: Using forensics-based analysis this book gives the reader insight to the mind of a hacker
Interest in topic continues to grow: Network architects, engineers and administrators are scrambling for security books to help them protect their new networks and applications powered by ColdFusion
Unrivalled Web-based support: Up-to-the minute links, white papers and analysis for two years at solutions@syngress.com

Shipping

	Standard Shipping	Express Shipping
Metro postcodes:	$9.99	$14.95
Regional postcodes:	$9.99	$14.95
Rural postcodes:	$9.99	$14.95

Orders over $79.00 qualify for free shipping.

How to return your order

At Booktopia, we offer hassle-free returns in accordance with our returns policy. If you wish to return an item, please get in touch with Booktopia Customer Care.

Additional postage charges may be applicable.

Defective items

If there is a problem with any of the items received for your order then the Booktopia Customer Care team is ready to assist you.

For more info please visit our Help Centre.

You Can Find This Book In

Non-Fiction Computing & I.T.Graphical & Digital Media Applications Web Graphics & Design Computer Security Data Encryption Engineering & Technology Technology in General Computer Fraud & Hacking Business Applications Computer Networking & Communications Network Security

Computer Programming & Software Development Programming & Scripting Languages

Foreword	p. xxiii
Thinking Like a Hacker	p. 1
Introduction	p. 2
Understanding the Terms	p. 3
A Brief History of Hacking	p. 3
Why Should I Think Like a Hacker?	p. 8
Mitigating Attack Risk in Your ColdFusion Applications	p. 10
Validating Page Input	p. 13
Functionality with Custom Tags and CFMODULE	p. 14
The Top ColdFusion Application Hacks	p. 15
Form Field Manipulation	p. 17
URL Parameter Tampering	p. 21
CFFILE, CFPOP, and CFFTP Tag Misuse	p. 24
ColdFusion RDS Compromise	p. 27
Understanding Hacker Attacks	p. 28
Denial of Service	p. 29
Virus Hacking	p. 31
Preventing "Break-ins" by Thinking Like a Hacker	p. 39
Development Team Guidelines	p. 39
QA Team Guidelines	p. 41
IT Team Guidelines	p. 41
Summary	p. 42
Solutions Fast Track	p. 43
Frequently Asked Questions	p. 45
Securing Your ColdFusion Development	p. 47
Introduction	p. 48
Session Tracking	p. 48
CFID and CFTOKEN Issues	p. 51
Error Handling	p. 55
Detecting and Using Errors	p. 55
Verifying Data Types	p. 63
Checking for Data Types	p. 64
Summary	p. 67
Solutions Fast Track	p. 69
Frequently Asked Questions	p. 70
Securing Your ColdFusion Tags	p. 73
Introduction	p. 74
Identifying the Most Dangerous ColdFusion Tags	p. 74
Properly (and Improperly) Using Dangerous Tags	p. 77
Using the [left angle blacket]CFCONTENT[right angle blacket] Tag	p. 77
Using the [left angle bracket]CFDIRECTORY[right angle bracket] Tag	p. 79
Using the [left angle bracket]CFFILE[right angle bracket] Tag	p. 80
Using the [left angle bracket]CFOBJECT[right angle bracket] Tag	p. 83
Using the [left angle bracket]CFREGISTRY[right angle bracket] Tag	p. 85
Using the [left angle bracket]CFADMINSECURITY[right angle bracket] Tag	p. 87
Using the [left angle bracket]CFEXECUTE[right angle bracket] Tag	p. 89
Using the [left angle bracket]CFFTP[right angle bracket] Tag	p. 90
Using the [left angle bracket]CFLOG[right angle bracket] Tag	p. 92
Using the [left angle bracket]CFMAIL[right angle bracket] Tag	p. 95
Using the connectstring Attribute	p. 97
Using the dbtype=dynamic Attribute	p. 98
Knowing When and Why You Should Turn Off These Tags	p. 98
Setting Up the Unsecured Tags Directory	p. 99
Controlling Threading within Dangerous Tags	p. 99
Working with Other Dangerous and Undocumented Tags	p. 100
Using the GetProfileString() and ReadProfileString() Functions	p. 100
Using the GetTempDirectory()Function	p. 100
Using the GetTempFile() Function	p. 101
Using the [left angle bracket]CFIMPERSONATE[right angle bracket] Tag	p. 101
Using the CF_SetDataSourceUsername(), CF_GetDataSourceUsername(), CF_SetDataSourcePassword(), CF_SetODBCINI(), and CF_GetODBCINI() Functions	p. 102
Using the CF_GetODBCDSN() Function	p. 102
Using the CFusion_Encrypt() and CFusion_Decrypt() Functions	p. 102
Summary	p. 104
Solutions Fast Track	p. 105
Frequently Asked Questions	p. 107
Securing Your ColdFusion Applications	p. 109
Introduction	p. 110
Cross-Site Scripting	p. 112
URL Hacking	p. 114
Validating Browser Input	p. 119
Malformed Input	p. 122
Validating Consistently from the "Hit List"	p. 125
Web-Based File Upload Issues	p. 134
Techniques to Protect Your Application when Accepting File Uploads	p. 134
URL Session Variables	p. 136
Session ID	p. 137
Summary	p. 139
Solutions Fast Track	p. 140
Frequently Asked Questions	p. 142
The ColdFusion Development System	p. 145
Introduction	p. 146
Understanding the ColdFusion Application Server	p. 146
Thread Pooling	p. 146
Custom Memory Management	p. 151
Page-based Applications	p. 151
JIT Compiler	p. 151
Database Connection Manager	p. 152
Scheduling Engine	p. 155
Indexing Engine	p. 156
Distributed Objects	p. 157
Understanding ColdFusion Studio	p. 157
Setting Up FTP and RDS Servers	p. 158
Thinking of ColdFusion as Part of a System	p. 165
Securing Everything to Which ColdFusion Talks	p. 165
Summary	p. 167
Solutions Fast Track	p. 167
Frequently Asked Questions	p. 169
Configuring ColdFusion Server Security	p. 171
Introduction	p. 172
Setting Up the ColdFusion Server Using "Basic Security"	p. 173
Employing Encryption under the Basic Security Setup	p. 181
Authentication under the Basic Security Setup	p. 182
Customizing Access Control under the Basic Security Setup	p. 186
Accessing Server Administration under the Basic Security Setup	p. 189
Setting Up the ColdFusion Server Using "Advanced Security"	p. 190
Employing Encryption under the Advanced Security Setup	p. 193
Authentication under the Advanced Security Setup	p. 195
Customizing Access Control under the Advanced Security Setup	p. 198
Performance Considerations When Using Basic or Advanced Security	p. 218
Caching Advanced Security Information	p. 219
File and Data Source Access	p. 220
Summary	p. 224
Solutions Fast Track	p. 224
Frequently Asked Questions	p. 226
Securing the ColdFusion Server after Installation	p. 229
Introduction	p. 230
What to Do with the Sample Applications	p. 230
Reducing Uncontrolled Access	p. 234
Choosing to Enable or Disable the RDS Server	p. 238
Limiting Access to the RDS Server	p. 239
Securing Remote Resources for ColdFusion Studio	p. 244
Creating a Security Context	p. 246
Debug Display Restrictions	p. 250
Using the mode=debug Parameter	p. 252
Microsoft Security Tool Kit	p. 254
MS Strategic Technology Protection Program	p. 255
Summary	p. 256
Solutions Fast Track	p. 256
Frequently Asked Questions	p. 259
Securing Windows and IIS	p. 261
Introduction	p. 262
Security Overview on Windows, IIS, and Microsoft	p. 262
Securing Windows 2000 Server	p. 263
Avoiding Service Pack Problems with ColdFusion	p. 265
Using Windows Services ("Use Only What You Need")	p. 268
Working with Users and Groups	p. 272
Understanding Default File System and Registry Permissions	p. 276
Securing the Registry	p. 278
Other Useful Considerations for Securing the Registry and SAM	p. 279
Installing Internet Information Services 5.0	p. 284
Removing the Default IIS 5.0 Installation	p. 285
Creating an Answer File for the New IIS Installation	p. 288
Securing Internet Information Services 5.0	p. 290
Setting Web Site, FTP Site, and Folder Permissions	p. 290
Restricting Access through IP Address and Domain Name Blocking	p. 302
Configuring Authentication	p. 304
Examining the IIS Security Tools	p. 316
Using the Hotfix Checker Tool	p. 317
Using the IIS Security Planning Tool	p. 319
Using the Windows 2000 Internet Server Security Configuration Tool for IIS 5.0	p. 320
Auditing IIS	p. 328
Summary	p. 330
Solutions Fast Track	p. 331
Frequently Asked Questions	p. 335
Securing Solaris, Linux, and Apache	p. 337
Introduction	p. 338
Solaris Solutions	p. 338
Overview of the Solaris OS	p. 339
Understanding Solaris Patches	p. 343
Securing Default Solaris Services	p. 344
Security Issues for Solaris 2.6 and Later	p. 361
Other Useful Considerations in Securing Your Solaris Installation	p. 365
Linux Solutions	p. 372
Understanding Linux Installation Considerations	p. 372
Selecting Packages for Your Linux Installation	p. 374
Hardening Linux Services	p. 377
Securing Your Suid Applications	p. 379
Understanding Sudo System Requirements	p. 381
Learning More About the Sudo Command	p. 381
Downloading Sudo	p. 382
Installing Sudo	p. 383
Configuring Sudo	p. 387
Running Sudo	p. 389
Running Sudo with No Password	p. 391
Logging Information with Sudo	p. 392
Other Useful Considerations to Securing Your Linux Installation	p. 394
Apache Solutions	p. 410
Configuring Apache on Solaris and Linux	p. 411
Configuring Apache Modules	p. 418
Choosing Apache SSL	p. 419
Summary	p. 420
Solutions Fast Track	p. 421
Frequently Asked Questions	p. 424
Database Security	p. 427
Introduction	p. 428
Database Authentication and Authorization	p. 428
Authentication	p. 429
Authorization	p. 430
Database Security and ColdFusion	p. 430
Dynamic SQL	p. 431
Leveraging Database Security	p. 443
Microsoft SQL Server	p. 444
Microsoft Access	p. 452
Oracle	p. 453
Summary	p. 460
Solutions Fast Track	p. 460
Frequently Asked Questions	p. 462
Securing Your ColdFusion Applications Using Third-Party Tools	p. 463
Introduction	p. 464
Firewalls	p. 464
Testing Firewalls	p. 465
DNS Tricks	p. 469
Port Scanning Tools	p. 471
Detecting Port Scanning	p. 473
Best Practices	p. 474
Install Patches	p. 474
Know What's Running	p. 474
Default Installs	p. 474
Change Passwords and Keys	p. 475
Backup, Backup, Backup	p. 476
Firewalls	p. 477
Summary	p. 478
Solutions Fast Track	p. 478
Frequently Asked Questions	p. 480
Security Features in ColdFusion MX	p. 483
Introduction	p. 484
Who's Responsible for Security?	p. 484
A Look at Security in ColdFusion MX	p. 485
New and Improved Tools	p. 487
New Tags	p. 489
Summary	p. 494
Solutions Fast Track	p. 494
Frequently Asked Questions	p. 495
Index	p. 497
Table of Contents provided by Syndetics. All Rights Reserved.

Hack Proofing ColdFusion

At a Glance

Paperback

Shipping

How to return your order

Defective items

You Can Find This Book In

More in Network Security

Dark Wire

The Incredible True Story of the Largest Sting Operation Ever

The New Age of Sexism

How the AI Revolution is Reinventing Misogyny

Grey Area

Dark Web Data Collection and the Future of OSINT

Cybersecurity All-in-One For Dummies

For Dummies

Dark Wire

The Incredible True Story of the Largest Sting Operation Ever

Hacking For Dummies

For Dummies (Computer/Tech)

Crafting an Information Security Playbook

Network Security Essentials 6ed

Applications and Standards, Global Edition

Cryptography and Network Security

8th Edition - Principles and Practice, Global Edition

CompTIA A+ Complete Study Guide, 2-Volume Set

Volume 1 Core 1 Exam 220-1201 and Volume 2 Core 2 Exam 220-1202

Threat Modeling

A Practical Guide for Development Teams

Tech-Smart Parenting

How to keep your kids happy and safe online

Password Logbook (Hip Floral)

Keep Track of Usernames, Passwords, Web Addresses in One Easy and Organized Location

The Web Application Hacker's Handbook

Finding and Exploiting Security Flaws 2E

CompTIA Security+ Certification Kit

7th Edition - Exam SY0-701

Container Security

Fundamental Technology Concepts That Protect Containerized Applications

The New Age of Sexism

How the AI Revolution is Reinventing Misogyny

Deep Learning for Intrusion Detection

Techniques and Applications

Comprehensive Primer on Privacy Management

Five-Book Bundle

AI Forensics

Investigation and Analysis of Artificial Intelligence Systems

CyberSentinel+

An Advanced Hybrid Honeypot Intrusion Detection System Augmented with Big Data Analytics and Machine Learning Intelligence

Beyond The Invisible Nexus

Dark Web, Dark AI, and Offensive Security

Beyond The Invisible Nexus

Dark Web, Dark AI, and Offensive Security

Modern Benford's Law

State of the Art Techniques for Audit and Compliance Professionals

This product is categorised by