Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Adobe Enhances Security in ColdFusion 11

Adobe has released ColdFusion 11, the latest version of its Web application technology that enables organizations to build and deploy web and mobile enterprise applications.

Adobe has released ColdFusion 11, the latest version of its Web application technology that enables organizations to build and deploy web and mobile enterprise applications.

Along with upgrading and improving many features in the product, Adobe has made several security enhancements to the popular web technology, and giving developers access to an extensive toolkit of security controls and other additional features.

According to Peleus Uhley, Lead Security Strategist at Adobe, notable security enhancements In ColdFusion 11 include:

1. More OWASP Tools –   New OWASP tools have been added to provide more integrated security features. For example, features from the AntiSamy project have been included to help developers safely display controlled subsets of user supplied HTML/CSS. ColdFusion 11 exposes AntiSamy through the new getSafeHTML() and is SafeHTML(). ColdFusion 11 also contains more tools from OWASP’s Enterprise Security API library, or ESAPI, including the EncodeForXPath and EncodeForXMLAttribute features. ESAPI features provide developers more flexibility to update the security of existing applications and serve as a strong platform for new development.

2. Flexible Secure Profile Controls – In ColdFusion 11, customers have the ability to turn Secure Profile off or on afterinstallation, whenever they’d like, which streamlines the lockdown process to prevent a variety of attacks. 

3. Integrating Security into Existing APIs – ColdFusion 11 has many upgraded APIs and features, including an advanced password-based key derivation function called PBKDF2 – which allows developers to create encryption keys from passwords using an industry-accepted cryptographic algorithm. Additionally, the cfmail feature now supports the ability to send S/MIME encrypted e-mails. ColdFusion 11 also has the ability to enable SSL for WebSockets. 

“Overall, this latest iteration of the platform increases flexibility for developers, while enhancing security,” Uhley wrote in a blog post. “Administrators will now find it even easier to lock down their environments.”

Additional details on the security features in ColdFusion 11 is available here, along with additional information in the CFML Reference for ColdFusion 11 here.  

Available immediately, Adobe ColdFusion 11 Enterprise Edition is priced at $8,499.

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

A new report finds that barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government.

Application Security

A security vulnerability identified on AliExpress, the wholesale marketplace owned by the Chinese e-commerce giant Alibaba, could have been exploited by hackers to hijack...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...