...as well as built-in protection against CRLF injection for several tags. See this article for more on CF10 security enhancements. CF11 added new XSS support, in the guise of AntiSamy support, with the new functions isSafeHTML and getSafeHTML, and support for XPath injection protection with the new encodeForXPath function. See this article for more on CF11 security enhancements. Finally, CF2016 added the Security Analyzer tool to help review your code for such opportunities for security improvement.

CFQueryParam is a tag whose main job is to support query parameterization (aka bind variables), but it is used by folks to help with SQL injection protection, as it supports datatype checking of values passed to a CFQUERY. For instance, if the tag was used to check an incoming URL variable with cfsqltype=CF_SQL_INTEGER, then if that value contained any kind of string, it would be rejected. To be clear, this tag's job is NOT SQL injection protection. If the cfsqltype were set to CF_SQL_VARCHAR, that would simply confirm that the incoming value was a string. It would NOT look for and remove threatening strings. Be very careful relying solely on cfqueryparam for SQL injection protection.

Note that while the CF Builder 2016 Security Analyzer would help identify places where you are vulnerable to injection, there is also an open-source CFML tool to help identify places where CFQUERYPARAM is missing from your CFML-based code: the Queryparam Scanner tool from Boughton.

The following tools are limited in their focus, blocking by IP address. Since IP addresses can be spoofed, and/or bad guys could spread their attacks across a farm of compromised machines, these are not nearly as powerful as the WAF tools above.

ColdFusion Enterprise Server Monitor (in versions 8 and above) offers a session monitor, which shows a list of all current sessions, whether J2EE sessions or not.
Click its Statistics tab at the top, then the Request Statistics section on the left, and its Active Sessions option. You're first shown a list of all sessions, and if you double-click on one you see additional details about the session. Click the chart icon on the far right to see a chart showing a count of sessions. Note that a simple count of ColdFusion sessions is available through a number of other means, whether graphically or in logs:

FusionReactor (commercial), for ColdFusion, Lucee/Railo, BlueDragon, and any J2EE server/servlet engine. FusionReactor 5 offers a graphical count of sessions in its Metrics > Custom Series view, via the ActiveSessionCount option in the drop-down at the top right. It also offers a count of sessions as a column in its realtimestats.log. That log is also available for FusionReactor 4, if the FusionReactor Extensions for ColdFusion (FREC) are enabled. FREC is now built into FR 5.

Those running ColdFusion 10 or above, or running CF or Lucee/Railo on Tomcat, should note that there are tools specifically for monitoring Tomcat sessions, such as MessAdmin (open source), though again it would only work if J2EE sessions are enabled in ColdFusion. And while the built-in Tomcat Manager application does offer session tracking, that manager app is not enabled in CF10.

Following are the subcategories offered:

Following are some of the more popular source code control repository tools, including multiple distributed source control tools. Note that some of the tools bundle client access tools. You can also avoid installing a source code repository locally and instead use any of the available Remote Source Code Repositories, discussed in the next category here. There are various reviews of these remote repository options, including here, here and here.

There are multiple categories of testing tools offered here. Following are the subcategories offered:

CFML Code Testing Tools: See also the related subcategories in the introduction to the broader category above.
CFML Testing Tools: See also the related subcategories in the introduction to the broader category above.

Database Testing Tools: See also the related subcategories in the introduction to the broader category above.

Functional Testing Tools: The following tools test the functionality of web pages, such as for regression testing. See also the related subcategories in the introduction to the broader category above.

HTML Validation Tools: The following tools can check your site or a page for the validity of your HTML, CSS, etc.

Link Checking Tools: The following tools can check your site or a page for the validity of hyperlinks. Some are online services, others are downloadable tools.

Network Bandwidth Testing Tools: The following tools test your network bandwidth. Some are tools you run once, others are tools that monitor your bandwidth continuously.

Load, Stress, and Application Testing Tools: There are load testing and/or stress testing tools, free and commercial. See also related