44 recordings found
with reference to security
Title
Presenter Duration (h:mm) Date Recorded Date Posted Submitter
CFMeetup: Building a Public API Powered by CF
Where are your visitors? They may still be accessing your Web site using their Mac or PC Web browsers--or they might be connecting from their phone, tablet, television or even their refrigerator. To build compelling cross-device experiences that support Web page requests as well as native applications, you will probably need to communicate with these devices using a common Application Programming Interface or API.
In this discussion, Aaron Greenlee will discuss API designs (RESTful/non-RESTful), considerations for bootstrapping your Web Page on desktop/mobile devices and ultimately demonstrate different techniques that you can use to implement your own API. The discussion will touch on security, performance under stress, and maintenance. The concepts reviewed will be applicable to any framework or programming language; however, the discussion will specifically demonstrate how ColdFusion 9.0, ORM and the ColdBox framework were leveraged to create a powerful API that can be consumed by any device.
Aaron Greenlee
0:56 2011-06-30 2011-06-30 charlie arehart
ColdFusion Application Security
Adobe's ColdFusion Specialist for the government sector, Adam Wayne Lehman, will present "ColdFusion Application Security". This presentation details the OWASP Top Ten Most Critical Web Application Security Vulnerabilities and how they pertain to developing ColdFusion applications. It demonstrates effective methods to avoid and prevent unvalidated input, broken access controls, broken authentication and session management, cross-site scripting flaws, injection flaws, and improper error handling.
Adam has been developing web applications specializing in ColdFusion for nearly a decade. His background includes designing and programming e-learning applications for Johns Hopkins Bloomberg School of Public Health, and before Adobe, Adam was a Senior Web Systems Engineer for the U.S. Department of State where he managed a team of developers and architects enterprise ColdFusion applications. Adam has also managed the Department of State Adobe Developer User Group for over two years. His work has been featured in Macromedia's DRK (Developer Resource Kit) and his other areas of expertise include application security, Section 508-compliant design and Oracle database development.
Adam Wayne Lehman
1:20 2006-10-19 2006-10-19 Steven Erat
MIGRATING TO MVC: CONVERTING LEGACY CODE
Learn how to "think MVC" while bringing your code into the present day. Taking a step-by-step approach, we'll cover the basics of handlers, views, plugins, interceptors and models. We'll also cover a handful of security issues that have come to light since your legacy code was first created and how to address them with ColdFusion and ColdBox.
Adrian J. Moreno
0:51 2014-09-25 2014-10-01 Henry Ho
CFMeetup: Authentication made easy using Twitter/Facebook/Google/more
Authentication is one of those features we seem to implement in every app. It's a chore for us, because poor security choices can mean failure. It's a chore for users: yet another password to remember. Why not let those who have spent millions of dollars on this problem, where your users already have an account, deal with this? In this session, I'll show you how to implement the various authentication APIs that are out there, presenting a login experience that allows your user to choose from the various options that are available (Twitter, Facebook, Google, LinkedIn, and more). You'll also see how to wire this up to your application in a way that is unified to your app no matter what service your users choose.
Billy Cravens
1:01 2012-08-23 2012-08-23 Charlie Arehart
CFMeetup: ColdBox 4: The Future of CFML MVC
ColdFusion (CFML) is one of the most mature web languages. It offers similar scripting and language constructs as other languages, but proponents of CFML know its true power comes with all the inbuilt functionality and integrations you get out of the box. ColdBox was the first CFML framework to provide convention-over-configuration MVC for the masses. Like other frameworks, it allows very simple conventions and lets you easily scaffold out apps with little effort. ColdBox is unique though because it doesn't stop there; it's a productivity platform for people who are tired of reinventing the wheel. ColdBox is built on a light modular core with built-in lifecycle extension points, and pluggable libraries for things like SES, JSMin, pagination, security, and REST. And don't forget the other Box productivity libraries for logging, object creation, caching, and testing. Come see what makes ColdBox the most comprehensive and compelling development platform. We'll even talk about some of the cool new features in ColdBox 4 as well as CommandBox, the new CFML CLI, Package Manager, and REPL.
Brad Wood
1:44 2014-10-30 2014-10-30 Charlie Arehart
CFMeetup: I Didn’t Know S3 Could Do That!, with Brian Klaas
Millions of developers know Amazon's Simple Storage Service (S3) as the file system for the Internet: it's fast, cheap, and super durable. CFML developers have dead-simple access to S3 via built-in functionality. S3 goes way beyond just uploading and downloading files, though. By dropping down into the AWS Java SDK, we can unlock the full potential of S3, and that's exactly what we'll do in this session.
In this session we'll look at how to:
- Secure your files in S3 with time-expiring URLs
- Increase security over what's built into the CFML engines by accessing S3 via the Java SDK
- Encrypt objects at rest in S3
- Cut your storage costs by using different S3 storage classes
- Automatically archive unused files after a set period of time
- Use the rock-solid object versioning available in S3
- Use tags to be able to filter and report on millions of objects in S3
Brian Klaas
1:11 2020-08-06 2020-08-06 Charlie Arehart
CF Online Summit 2022: Below the surface: web vulnerabilities hiding in your applications
Congratulations! You've patched your servers, fixed all of your XSS, cfqueryparam'd away your SQL injections, federated your authentication, and all of your forms check CSRF tokens. But after you've covered the basics, what may still be lurking out there in your applications? This talk will look at a few vulnerability classes that are sometimes missed and how they relate to ColdFusion applications. Examples will include Server Side Request Forgery, cryptographic attacks, and more. My goal for this talk is to raise awareness about what may be some application security blindspots for some ColdFusion developers.
Brian Reilly
0:57 2022-12-09 2023-01-25 charlie arehart
CFMeetup: Avoiding Server-Side Request Forgery (SSRF) Vulns in CFML
Server-Side Request Forgery (SSRF) vulnerabilities allow an attacker to make arbitrary web requests (and in some cases, other protocols too) from the application environment. Exploiting these flaws can lead to leaking sensitive data, accessing internal resources, and under certain circumstances, remote command execution.
Several ColdFusion/CFML tags and functions can process URLs as file path arguments -- including some tags and functions that you might not expect. If these tags and functions process unvalidated user-controlled input, this can lead to SSRF vulnerabilities in your applications. In addition to providing a list of affected tags and functions, I'll cover some approaches for identifying and remediating vulnerable code. My goal for this talk is to raise awareness about what may be a security blindspot for some ColdFusion/CFML developers.
Brian Reilly
1:00 2021-11-11 2022-07-07 charlie arehart
API's Part 5: Security and How to Protect Your Organization
Get a detailed look at Adobe ColdFusion's security standards, with respect to your APIs and the API Manager. Learn about OAuth, along with the configuration of user stores, to secure your organization's services. (Part 5 was originally to be another session, to be held the day before, "Policy Management and Access Controls", but it had to be postponed.)
Brian Sappey
0:53 2021-05-13 2021-06-10 charlie arehart
ColdFusion at 25: not the kid most have stuck in their minds
As ColdFusion turns 26 next month, many seem stuck remembering it only as the "teen" they knew or even the "child", when instead it's grown up to be a capable "adult", impressive in many ways, and even more so recently. In this session, we'll look back at how CF has indeed evolved into a very capable platform, with quite modern features that seem to surprise many--including people working with it currently. If you struggle "finding CF people" or "getting buy-in", perhaps these observations could help you with both challenges. If nothing else, they're things designed simply to help you get your job done, while keeping up with modern practices.
We'll start with many modern coding techniques--which will be familiar to those using more "modern" languages but that many don't realize CF supports, and may have for years. We'll then look at ways things such as CF installation/deployment, configuration/administration, monitoring, security, and more have improved over the years. And we'll look not only at CF itself but the community surrounding it, ranging from resources for help and learning to tools and services that others have created, making CF a far more complete ecosystem than most give it credit. Put another way: it's not your father's CF!
Charlie Arehart
1:04 2021-06-22 2021-07-15 charlie arehart
You can bookmark this search as http://www.carehart.org/ugtv/list.cfm?search=security