Thursday, July 29 • 4:45pm - 6:00pm
Deconstructing ColdFusion


ColdFusion is a somewhat forgotten but still very prevalent web application development platform. This presentation is a technical survey of ColdFusion security that will be of interest mostly to code auditors, penetration testers, and developers.


In the talk, we’ll cover the history of the ColdFusion platform and its relevance to today’s security landscape. We’ll describe the basics of ColdFusion markup, control flow, functions, and components, and demonstrate how to identify common web application vulnerabilities in the source code.


We’ll also delve into ColdFusion J2EE internals, showing what CFML pages and components look like when compiled down to Java, and describing some of the unusual behavior we’ve observed at that level. Included in the talk is a detailed description of the WAR/EAR structure for compiled ColdFusion apps. We'll release open-source tools to aid reverse engineers in working with ColdFusion's proprietary classfile format.

Thursday July 29, 2010 4:45pm - 6:00pm
Day 2 - Web Apps
