John Ramon - ColdFusion Blog - My Alternate Reality http://www.johnramon.com/ en-us Copyright 2012 John Ramon - ColdFusion Blog - My Alternate Reality http://www.johnramon.com/feed.xml Sun, 05 Feb 2012 02:37:14 MST http://www.johnramon.com/images/rssLogo.gif John Ramon - ColdFusion Blog - My Alternate Reality http://www.johnramon.com/ 97 97 Recent blog posts about ColdFusion, Web Applications, and CF Bloggy Application Penetration Test - Call to CF community for help! So next week an "Information Security and Compliance Company" is doing a 16 hour "Application Penetration Test" on an application we developed. It's on a dedicated server with all the latest patches and is on lock down with IP address validation through the firewall. We have made sure every query is protected from SQL injection attacks and made sure any file uploaded to the application is uploaded outside the root and can not be called from a URL. We think we have covered all the bases, here is a list of what the application will go through.
 

Input Validation

Buffer Overflow

Cross Site Scripting

URL Manipulation

SQL Injection

Hidden Variable Manipulation

Cookie Modification

Authentication Bypass

Code Execution
 

Now some of these are basic security 101, and ColdFusion has lots of tools to address the attacks. Has anyone ever gone through this? If so what type of things were found? Can anyone give me any suggestion of things to check?

]]> http://www.johnramon.com/index.cfm/id/39/Application-Penetration-Test---Call-to-CF-community-for-help! Tue, 17 Aug 2010 21:07:52 MST Connecting to SQL Server 2008 from OS X If your one of the cools kids and have a Mac (sorry windows guys) and you need to connect your development environment to a MSSQL server it's really easy. There are lots of guides out there on connecting ColdFusion to MSSQL but if your connecting from OS X server to Windows server there are 2 settings you need to check.

First once you log in to your development server under Object Explorer right click on the server name and click Properties. Under Security make sure "SQL Server and Windows authentication mode" is checked. Next click Connections and make sure "Allow remote connections to this server". If you setup you users and DB correctly you should be able to connect.

Two times this year I have wiped windows box and 2 times I wasted hours connecting to MSSQL from my iMac. I'm going to be adding more tips to help me and anyone else in the future.

]]> http://www.johnramon.com/index.cfm/id/38/Connecting-to-SQL-Server-2008-from-OS-X Fri, 13 Aug 2010 13:54:14 MST