Adobe has released ColdFusion 11, the latest version of its Web application technology that enables organizations to build and deploy web and mobile enterprise applications.
Along with upgrading and improving many features in the product, Adobe has made several security enhancements to the popular web technology, and giving developers access to an extensive toolkit of security controls and other additional features.
According to Peleus Uhley, Lead Security Strategist at Adobe, notable security enhancements In ColdFusion 11 include:
1. More OWASP Tools – New OWASP tools have been added to provide more integrated security features. For example, features from the AntiSamy project have been included to help developers safely display controlled subsets of user supplied HTML/CSS. ColdFusion 11 exposes AntiSamy through the new getSafeHTML() and is SafeHTML(). ColdFusion 11 also contains more tools from OWASP’s Enterprise Security API library, or ESAPI, including the EncodeForXPath and EncodeForXMLAttribute features. ESAPI features provide developers more flexibility to update the security of existing applications and serve as a strong platform for new development.
2. Flexible Secure Profile Controls – In ColdFusion 11, customers have the ability to turn Secure Profile off or on afterinstallation, whenever they’d like, which streamlines the lockdown process to prevent a variety of attacks.
3. Integrating Security into Existing APIs – ColdFusion 11 has many upgraded APIs and features, including an advanced password-based key derivation function called PBKDF2 – which allows developers to create encryption keys from passwords using an industry-accepted cryptographic algorithm. Additionally, the cfmail feature now supports the ability to send S/MIME encrypted e-mails. ColdFusion 11 also has the ability to enable SSL for WebSockets.
“Overall, this latest iteration of the platform increases flexibility for developers, while enhancing security,” Uhley wrote in a blog post. “Administrators will now find it even easier to lock down their environments.”
Additional details on the security features in ColdFusion 11 is available here, along with additional information in the CFML Reference for ColdFusion 11 here.
Available immediately, Adobe ColdFusion 11 Enterprise Edition is priced at $8,499.
