Example Free Email Report
Is Your ColdFusion Server Secure?
What are people saying about Hack My CF?
Ben Forta: Running a ColdFusion server? I strongly suggest you run this against it: http://hackmycf.com/
Charlie Arehart: If you've not yet run free http://www.hackmycf.com (from @foundeo, @pfreitag) against your your server, what are you waiting for?
Mark Drew: Awesome CF Security checking service...
How Does it Work?
We make a series of requests to your web site looking for the absence of security hotfixes. This tool will place a very small amount of load on your server. None of the requests we make will compromise your server.
Also be sure to check out our paid subscription plans for automated scanning (daily, weekly, monthly) and more features.
What Can it find?
We can detect the absence of several security hotfixes, and insecure configuration settings. Here are some of the things we can detect:
- ColdFusion 9 Solr Service Exposed (APSB10-04, CVE-2010-0185)
- ColdFusion 9, 8, 7 BlaseDS XML External Entity Injection Vulnerability (CVE-2009-3960, APSB10-05)
- ColdFusion 8 FCKeditor Vulnerability (APSB09-09, CVE-2009-2265)
- Apache Double Encoded Null Byte Vulnerability (APSB09-12, CVE-2009-1876)
- Cross Site Scripting Vulnerabilities (APSB09-09, CVE-2009-1877 and CVE-2009-1872)
- And More
Check back as we are always looking to add more detectors.
Who built this site?
Why thanks for asking. This site was built by Foundeo Inc., a Consulting & Products company specializing in Web Application Security.
Foundeo also sells a Web Application Firewall for ColdFusion providing an added layer of protection for your ColdFusion applications. It helps protect your ColdFusion applications from Cross Site Scripting, SQL Injection, and more.
Need Help Securing your Server?
Contact Foundeo Inc. We can help you apply the necessary ColdFusion hotfixes, configure the ColdFusion administrator, and more.
© 2009-2010 Foundeo Inc. | ColdFusion is a registered trademark of Adobe Systems Inc