Taming the Top 25 Most Dangerous Software Weaknesses with CFML

It doesn’t matter what language you use, security weaknesses will find a way to show up. In this talk we’ll look at the 25 types of software weaknesses that cause the most security vulnerabilities. For each weakness we’ll look at how CFML might be impacted and, most importantly, how to avoid it.


In this session, we’ll dive into the “Top 25 Most Dangerous Software Weaknesses” list from the lens of a CFML developer. For many of the weaknesses we’ll look at an example of vulnerable CFML code and how it is exploited. Understanding the vulnerability, and how it is exploited, is an important skill set for developers to have, but possibly even more important is understanding how to write code that avoids the weakness altogether.

Some of the weaknesses we’ll explore include:

  • Code Injection / Remote Code Execution
  • XXE Injection
  • Server Side Request Forgery
  • File Upload Vulnerabilities
  • Cross Site Request Forgeries
  • Path Traversals
  • And many more