44 recordings found
with reference to security
Title
Presenter Duration (h:mm) Date Posted Date Recorded Submitter
CFMeetup: CF.Objective() Preview: Security and the SDLC: Threat Modeling
In this 30 minute preview of his CFObjective seminar, Dean will examine how threat modeling can be used as a baseline activity to ensure the security of web applications. Threat modeling is a structured approach for identifying, evaluating and mitigating risks to system security. By modeling a system as an attacker would, development organizations can prioritize the usage of a development/security budget, manage risks to system security and find vulnerabilities earlier than technical testing or code reviews. Applied early in the development lifecycle, threat modeling can be used to drive further secure SDLC activities, such as code reviews and penetration testing to ensure the security of your software throughout its lifetime.
Dean Saxe
0:39 2007-04-27 2007-04-27 charlie arehart
CFMeetup: CF AMA: Ask Me Anything
Join us for another CF "Ask Me Anything" session, with your host Charlie Arehart and recent co-organizer Dan Wilson. We'll open the floor to any sort of CF-related questions you may have, whether about coding challenges or using CF features (on the newest or older versions), configuration or tuning, deployment, security, the future and state of CF, whatever.
You can offer questions in advance if you like, using this form:
https://docs.google.com/forms/d/e/1FAIpQLSenOp4GULwLA6q8UDIvhgXjAymSr2jM3zfSDEfFXu7yUVMhxw/viewform
Of course, some topics tend to generate more heat than light, so we hope folks will ask questions that may not be merely points of debate (preferences, disappointments, laments). And since we're not Adobe and don't speak for them, there are some topics where we won't be able to offer information that isn't publicly known. Still, there are many questions asked in the community (in various places) every day, so there are plenty of good questions. Of course, we can even talk about, "where are good places to ask CF questions?"! :-)
You bring 'em, we'll wing 'em. We'll even let others hop on to speak/share video/screen, if they feel they have a question or answer that would be better spoken than written in the chat.
Charlie Arehart and Dan Wilson
1:02 2021-01-16 2021-01-14 Charlie Arehart
CFMeetup: CF AMA: Ask Me Anything
Join us for our first "Ask Me Anything" session, with your host Charlie Arehart and recent co-organizer Dan Wilson. We'll open the floor to any sort of CF-related questions you may have, whether about coding challenges or using CF features, configuration or tuning, deployment, security, the upcoming new CF version, recent CF versions, the future and state of CF, whatever.
Of course, some topics tend to generate more heat than light, so we hope folks will ask questions that may not be merely points of debate (preferences, disappointments, laments). And since we're not Adobe and don't speak for them, there are some topics where we won't be able to offer information that isn't publicly known. Still, there are many questions asked in the community (in various places) every day, so there are plenty of good questions. Of course, we can even talk about, "where are good places to ask CF questions?"! :-)
You bring 'em, we'll wing 'em. We'll even let others hop on to speak/share video/screen, if they feel they have a question or answer that would be better spoken than written in the chat.
Charlie Arehart and Dan Wilson
1:15 2020-11-04 2020-10-22 Charlie Arehart
CFMeetup: Building a Public API Powered by CF
Where are your visitors? They may still be accessing your Web site using their Mac or PC Web browsers--or they might be connecting from their phone, tablet, television or even their refrigerator. To build compelling cross-device experiences that support Web page requests as well as native applications you will probably need to communicate with these devices using a common Application Programming Interface or API.
In this discussion, Aaron Greenlee will discuss API designs (RESTful/non-RESTful), considerations for bootstrapping your Web Page on desktop/mobile devices and ultimately demonstrate different techniques that you can use to implement your own API. The discussion will touch on security, performance under stress, and maintenance. The concepts reviewed will be applicable to any framework or programming language; however, the discussion will specifically demonstrate how ColdFusion 9.0, ORM and the ColdBox framework were leveraged to create a powerful API that can be consumed by any device.
Aaron Greenlee
0:56 2011-06-30 2011-06-30 charlie arehart
CFMeetup: Avoiding Server-Side Request Forgery (SSRF) Vulns in CFML
Server-Side Request Forgery (SSRF) vulnerabilities allow an attacker to make arbitrary web requests (and in some cases, other protocols too) from the application environment. Exploiting these flaws can lead to leaking sensitive data, accessing internal resources, and under certain circumstances, remote command execution.
Several ColdFusion/CFML tags and functions can process URLs as file path arguments -- including some tags and functions that you might not expect. If these tags and functions process unvalidated user-controlled input, this can lead to SSRF vulnerabilities in your applications. In addition to providing a list of affected tags and functions, I'll cover some approaches for identifying and remediating vulnerable code. My goal for this talk is to raise awareness about what may be a security blindspot for some ColdFusion/CFML developers.
Brian Reilly
1:00 2022-07-07 2021-11-11 charlie arehart
CFMeetup: Authentication made easy using Twitter/Facebook/Google/more
Authentication is one of those features we seem to implement in every app. It's a chore for us, because poor security choices can mean failure. It's a chore for users: yet another password to remember. Why not let those who have spent millions of dollars on this problem, where your users already have an account, deal with this? In this session, I'll show you how to implement the various authentication APIs that are out there, presenting a login experience that allows your user to choose from the various options that are available (Twitter, Facebook, Google, LinkedIn, and more). You'll also see how to wire this up to your application in a way that is unified to your app no matter what service your users choose.
Billy Cravens
1:01 2012-08-23 2012-08-23 Charlie Arehart
CFMeetup: Approaches to more secure ColdFusion code
Security is a topic we as developers love to ignore as much as possible, but as the number of attacks increases year over year we need to grab hold of the security in our apps. It can be difficult to secure large or legacy codebases; we'll look at some practical approaches to getting in there and making progress. We'll also review some of the top vulnerabilities to watch out for, which also provide a good starting point.
Pete Freitag
1:00 2022-07-07 2019-10-24 charlie arehart
CFMeetup: Application Security: Beyond SQL Injection
Surely there is more to this application security stuff than SQL injection. We've put in our <cfqueryparams> so are we secure now? We are going to talk about some of the other threats against our applications. Things like:
- Request Forgeries
- Password Security
- Cookies
- Session Management
SQL Injection is only the tip of the security iceberg. We need to be prepared for much more. As hackers become more sophisticated, so must we.
Jason Dean
1:18 2009-01-23 2009-01-22 Charlie Arehart
CF Summit 2021: Tackling ColdFusion Security
Security can be a thorny and intimidating topic. Where do you start and what should you prioritize? In this talk, we aimed to set you on a path to improving the security of your ColdFusion Applications.
Pete Freitag
2022-02-25 2021-12-07 Charlie Arehart
CF Summit 2021: Building the Next Generation of Secure Developers
As companies migrate to more resilient cloud infrastructures, threat actors continue to turn their attention to the application landscape as the new entry point for compromising systems.
Despite cyberattacks happening at a pace of every 39 seconds, only 3% of U.S. bachelor's degree graduates have cybersecurity-related skills. While several factors play into this, the most glaring is that faculty just don't know about the security field, leading to gaps between academia and industry. Unfortunately, the gap has gotten wider due to constant changes and growing toolchains in software development.
This is compounded by a consistent lack of employee training in secure coding principles and how it applies to the software development life cycle, causing new entrants into software development to be ill-prepared to build secure systems.
This session delved into:
- The growing security challenges developers face today
- The current perceptions of “security” within the developer community
- The need for secure coding education at the university level
- Opportunities for learning secure coding in educational and corporate environments
Rey Bango
2022-02-25 2021-12-08 Charlie Arehart
You can bookmark this search as http://www.carehart.org/ugtv/list.cfm?search=security