Limit Display to Recordings of
<= 1
<= 5
<= 10
<= 30
<= 60
any
minutes duration
« Previous ( 1 2 3 4 5 ) Next »
Search (within title, desc, presenter, URL):
Clear Search
44 recordings found
with reference to security
Title Presenter Duration (h:mm)
Date Posted Date Recorded Submitter
CFMeetup: Keeping CF (and Java) updated: challenges and solutions (View video , Show Description )Are you keeping up on whatever updates are available for the CF version you're running (2018, 2016, or so on)? And how about updating the Java/JVM that CF uses? You should be, for security as well as bug fix reasons. And what about the web server connector (wsconfig)?
Ever since CF10, the mechanism to update CF has been a single-click operation in the CF Admin--or at least, that's how it's supposed to be. But sometimes things go amiss, and you can be left with CF not coming up, or the admin not opening, or something in your app failing to work right which you may not notice for even days or weeks.
And the same is true when it comes to updating the Java/JVM that CF uses: there are several things you can easily do "wrong" that will have CF not starting. And even if you do it "right", there may be something amiss (because you missed an important step) that might not bite you for some days--when someone tries to make an https call out of CF. And you may wonder, "what version of Java can I use with my version of CF?"
The good news is that there are answers and a few key best practices to follow in updating CF, the JVM, and wsconfig, which if followed can ensure that each is a quick and painless task. In this session, veteran CF troubleshooter Charlie Arehart will walk through all this, based on his decade-plus experience in helping people troubleshoot such problems daily. The session will apply both to those using the Admin or command line for such update mechanisms.
Charlie Arehart
1:14 2020-06-25 2020-06-25 Charlie Arehart
CFMeetup: I Didn’t Know S3 Could Do That!, with Brian Klaas (View video , Show Description )Millions of developers know Amazon's Simple Storage Service (S3) as the file system for the Internet: it's fast, cheap, and super durable. CFML developers have dead-simple access to S3 via built-in functionality. S3 goes way beyond just uploading and downloading files, though. By dropping down into the AWS Java SDK, we can unlock the full potential of S3, and that's exactly what we'll do in this session.
In this session we'll look at how to: - Secure your files in S3 with time-expiring URLs - Increase security over what's built into the CFML engines by accessing S3 via the Java SDK - Encrypt objects at rest in S3 - Cut your storage costs by using different S3 storage classes - Automatically archive unused files after a set period of time - Use the rock-solid object versioning available in S3 - Use tags to be able to filter and report on millions of objects in S3
Brian Klaas
1:11 2020-08-06 2020-08-06 Charlie Arehart
CFMeetup: CF AMA: Ask Me Anything (View video , Show Description )Join us for our first "Ask Me Anything" session, with your host Charlie Arehart and recent co-organizer Dan Wilson. We'll open the floor to any sort of CF-related questions you may have, whether about coding challenges or using CF features, configuration or tuning, deployment, security, the upcoming new CF version, recent CF versions, the future and state of CF, whatever.
Of course, some topics tend to generate more heat than light, so we hope folks will ask questions that may not be merely points of debate (preferences, disappointments, laments). And since we're not Adobe and don't speak for them, there are some topics where we won't be able to offer information that isn't publicly known. Still, there are many questions asked in the community (in various places) every day, so there are plenty of good questions. Of course, we can even talk about, "where are good places to ask CF questions?"! :-)
You bring 'em, we'll wing 'em. We'll even let others hop on to speak/share video/screen, if they feel they have a question or answer that would be better spoken than written in the chat.
Charlie Arehart and Dan Wilson
1:15 2020-11-04 2020-10-22 Charlie Arehart
CFMeetup: CF AMA: Ask Me Anything (View video , Show Description )Join us for another CF "Ask Me Anything" session, with your host Charlie Arehart and recent co-organizer Dan Wilson. We'll open the floor to any sort of CF-related questions you may have, whether about coding challenges or using CF features (on the newest or older versions), configuration or tuning, deployment, security, the future and state of CF, whatever.
You can offer questions in advance if you like, using this form:
https://docs.google.com/forms/d/e/1FAIpQLSenOp4GULwLA6q8UDIvhgXjAymSr2jM3zfSDEfFXu7yUVMhxw/viewform
Of course, some topics tend to generate more heat than light, so we hope folks will ask questions that may not be merely points of debate (preferences, disappointments, laments). And since we're not Adobe and don't speak for them, there are some topics where we won't be able to offer information that isn't publicly known. Still, there are many questions asked in the community (in various places) every day, so there are plenty of good questions. Of course, we can even talk about, "where are good places to ask CF questions?"! :-)
You bring 'em, we'll wing 'em. We'll even let others hop on to speak/share video/screen, if they feel they have a question or answer that would be better spoken than written in the chat.
Charlie Arehart and Dan Wilson
1:02 2021-01-16 2021-01-14 Charlie Arehart
CFMeetup: Securing a ColdFusion Application with Fixinator & FuseGuard (View video , Show Description )In this session we'll take a look at a ColdFusion application that is vulnerable to several security issues. We'll look at some of the security holes in the application, how they can be exploited. Finally we'll use FuseGuard to protect the application, and Fixinator to find and fix some of the vulnerabilities in the application.
Pete Freitag
1:05 2021-01-28 2021-01-28 charlie arehart
API's Part 5: Security and How to Protect Your Organization (View video , Show Description )Get a detailed look at Adobe ColdFusion's security standards, with respect to your APIs and the API Manager. Learn about OAuth, along with the configuration of user stores, to secure your organization's services. (Part 5 was originally to be another session, to be held the day before, "Policy Management and Access Controls", but it had to be postponed.)
Brian Sappey
0:53 2021-06-10 2021-05-13 charlie arehart
ColdFusion at 25: not the kid most have stuck in their minds (View video , Show Description )As ColdFusion turns 26 next month, many seem stuck remembering it only as the "teen" they knew or even the "child", when instead it's grown up to be a capable "adult", impressive in many ways, and even more so recently. In this session, we'll look back at how CF has indeed evolved into a very capable platform, with quite modern features that seem to surprise many--including people working with it currently. If you struggle "finding CF people" or "getting buy-in", perhaps these observations could help you with both challenges. If nothing else, they're things designed simply to help you get your job done, while keeping up with modern practices.
We'll start with many modern coding techniques--which will be familiar to those using more "modern" languages but that many don't realize CF supports, and may have for years. We'll then look at ways things such as CF installation/deployment, configuration/administration, monitoring, security, and more have improved over the years. And we'll look not only at CF itself but the community surrounding it, ranging from resources for help and learning to tools and services that others have created, making CF a far more complete ecosystem than most give it credit. Put another way: it's not your father's CF!
Charlie Arehart
1:04 2021-07-15 2021-06-22 charlie arehart
CF Summit 2021: Building the Next Generation of Secure Developers (View video , Show Description )As companies migrate to more resilient cloud infrastructures, threat actors continue to turn their attention to the application landscape as the new entry point for compromising systems.
Despite cyberattacks happening at a pace of every 39 seconds, only 3% of U.S. bachelor's degree graduates have cybersecurity-related skills. While several factors play into this, the most glaring is that faculty just don't know about the security field, leading to gaps between academia and industry. Unfortunately, the gap has gotten wider due to constant changes and growing toolchains in software development.
This is compounded by a consistent lack of employee training in secure coding principles and how it applies to the software development life cycle, causing new entrants into software development to be ill-prepared to build secure systems.
This session delved into:
- The growing security challenges developers face today - The current perceptions of “security” within the developer community - The need for secure coding education at the university level - Opportunities for learning secure coding in educational and corporate environments
Rey Bango
2022-02-25 2021-12-08 Charlie Arehart
CF Summit 2021: Tackling ColdFusion Security (View video , Show Description )Security can be a thorny and intimidating topic. Where do you start and what should you prioritize? In this talk, we had aim to set you on a path to improving the security of your ColdFusion Applications.
Pete Freitag
2022-02-25 2021-12-07 Charlie Arehart
CFMeetup: Avoiding Server-Side Request Forgery (SSRF) Vulns in CFML (View video , Show Description )Server-Side Request Forgery (SSRF) vulnerabilities allow an attacker to make arbitrary web requests (and in some cases, other protocols too) from the application environment. Exploiting these flaws can lead to leaking sensitive data, accessing internal resources, and under certain circumstances, remote command execution.
Several ColdFusion/CFML tags and functions can process URLs as file path arguments -- including some tags and and functions that you might not expect. If these tags and functions process unvalidated user-controlled input, this can lead to SSRF vulnerabilities in your applications. In addition to providing a list of affected tags and functions, I'll cover some approaches for identifying and remediating vulnerable code. My goal for this talk is to raise awareness about what may be a security blindspot for some ColdFusion/CFML developers.
Brian Reilly
1:00 2022-07-07 2021-11-11 charlie arehart
« Previous ( 1 2 3 4 5 ) Next »
Show how many results?:
You can bookmark this search as http://www.carehart.org/ugtv/list.cfm?search=security
or track the search results using RSS:
RSS Feed of 10 latest presentations referring to: security -- (Validate RSS feed )
RSS Feed:
RSS Feed of 10 latest added presentations
Receive an email newsletter of newest entries: via Feedblitz