SecurityWeek

Adobe Enhances Security in ColdFusion 11

Adobe has released ColdFusion 11, the latest version of its Web application technology that enables organizations to build and deploy web and mobile enterprise applications.

Along with upgrading and improving many features in the product, Adobe has made several security enhancements to the popular web technology, giving developers access to an extensive toolkit of security controls and other additional features.

According to Peleus Uhley, Lead Security Strategist at Adobe, notable security enhancements in ColdFusion 11 include:

1. More OWASP Tools – New OWASP tools have been added to provide more integrated security features. For example, features from the AntiSamy project have been included to help developers safely display controlled subsets of user-supplied HTML/CSS. ColdFusion 11 exposes AntiSamy through the new getSafeHTML() and isSafeHTML() functions. ColdFusion 11 also contains more tools from OWASP’s Enterprise Security API library, or ESAPI, including the EncodeForXPath and EncodeForXMLAttribute features. ESAPI features provide developers more flexibility to update the security of existing applications and serve as a strong platform for new development.

2. Flexible Secure Profile Controls – In ColdFusion 11, customers have the ability to turn Secure Profile off or on after installation, whenever they’d like, which streamlines the lockdown process to prevent a variety of attacks.

3. Integrating Security into Existing APIs – ColdFusion 11 has many upgraded APIs and features, including an advanced password-based key derivation function called PBKDF2 – which allows developers to create encryption keys from passwords using an industry-accepted cryptographic algorithm. Additionally, the cfmail feature now supports the ability to send S/MIME encrypted e-mails. ColdFusion 11 also has the ability to enable SSL for WebSockets. 

“Overall, this latest iteration of the platform increases flexibility for developers, while enhancing security,” Uhley wrote in a blog post. “Administrators will now find it even easier to lock down their environments.”

Additional details on the security features in ColdFusion 11 are available here, along with additional information in the CFML Reference for ColdFusion 11 here.

Available immediately, Adobe ColdFusion 11 Enterprise Edition is priced at $8,499.
