Hack Proofing ColdFusion [ILLUSTRATED] (Paperback)

~ Steve Casco (Author), Rob Rusher (Author), Greg Meyer (Author), Sarge (Author), David Vaccaro (Author), David An (Author) "Macromedia claims on their Web site that their ColdFusion (CF) product "helps you build applications quickly, assemble powerful solutions easily, and deliver high performance and..." (more)
Key Phrases: undocumented tags, other useful considerations, connectstring attribute, Advanced Security, Red Hat, Frequently Asked Questions (more...)

Editorial Reviews

Product Description

The only way to stop a hacker is to think like one!
ColdFusion is a Web application development tool that allows programmers to quickly build robust applications using server-side markup language. It is incredibly popular and has both an established user base and a quickly growing number of new adoptions. It has become the development environment of choice for e-commerce sites and content sites where databases and transactions are the most vulnerable and where security is of the utmost importance.
Several security concerns exist for ColdFusion due to its unique approach of designing pages using dynamic-page templates rather than static HTML documents. Because ColdFusion does not require that developers have expertise in Visual Basic, Java and C++; Web applications created using ColdFusion Markup language are vulnerable to a variety of security breaches.
Hack Proofing ColdFusion 5.0 is the seventh edition in the popular Hack Proofing series and provides developers with step-by-step instructions for developing secure web applications.

· Teaches strategy and techniques: Using forensics-based analysis this book gives the reader insight to the mind of a hacker
· Interest in topic continues to grow: Network architects, engineers and administrators are scrambling for security books to help them protect their new networks and applications powered by ColdFusion
· Unrivalled Web-based support: Up-to-the minute links, white papers and analysis for two years at solutions@syngress.com

About the Author

Greg Meyer (Macromedia Certified Advanced Cold Fusion 5.0 Developer) is a Senior Systems Engineer with Netegrity. Rob Rusher (Certified ColdFusion Instructor + Developer) is a Principal Consultant with AYC Ltd. Rob’s background includes positions as a Senior Consultant at Macromedia (Allaire), and as a Senior Software Engineer at Lockheed Martin. Steven Casco is the Founder and Chairman of the Boston Cold Fusion Users Group. Sarge (MCSE, MMCP, Certified ColdFusion Developer) is the former ColdFusion Practice Manager for Macromedia Consulting Services. He currently provides a consummate source for security, session-management, and LDAP information as a Senior Product Support Engineer, handling incident escalations as a member of Macromedia's Product Support - Server Division. David Vaccaro is Senior Web Application Developer and President of X-treme Net Development, Inc.

Product Details

• Paperback: 512 pages
• Publisher: Syngress; 1 edition (April 2002)
• Language: English
• ISBN-10: 1928994776
• ISBN-13: 978-1928994770
• Product Dimensions: 9.2 x 7.4 x 1.4 inches
• Shipping Weight: 2.4 pounds (View shipping rates and policies)
• Average Customer Review: 3.0 out of 5 stars  See all reviews (3 customer reviews)
• Amazon.com Sales Rank: #1,511,551 in Books (See Bestsellers in Books)

  Popular in this category: (What's this?)

  #51 in

  Books > Computers & Internet > Web Development > Programming > Cold Fusion

Customer Reviews

Most Helpful Customer Reviews

14 of 18 people found the following review helpful:

2.0 out of 5 stars Too disorganized to be useful, August 27, 2002

By	Jeff Roback (Los Angeles, California United States) - See all my reviews

I was really looking forward to reading this book. Given the complexity of maintaining a secure web site, a concise organized approach to the securing Cold Fusion web sites sounded like agreat book topic.

Unfortunately, this book wasn't the answer. The text appears to be written by multiple authors who weren't interacting with one another and who didn't have an effective editor to channel their ideas into a logical flow of text. Similar topics are covered multiple times throughout the book, and in some cases virtually identical descriptions and disclaimers get repeated. Other times detailed topical points are mentioned briefly only to have the relevant background presented much later in a different context. This book requires frequent usage of the index and table of contents to pull together the information into a useful manner. A very frustrating read.

This book is one to pass on. I'd strongly recommend Ben Forta's ColdFusion 5 Web Application Construction Kit and/or The O'Reilly "Programming Cold Fusion".... Both provide logical well organized coverage of security material and also provide a wealth of general Cold Fusion tips and techniques.

2.0 out of 5 stars Not a good source, January 11, 2006

By	Zonk (Southern California) - See all my reviews

I was really disappointed in this book. It's not a very good source of "hack proofing" I was hoping to have something that I could use as a training guide for other developers, but this was certainly not it. The book contains information regarding locking down the web server's operating system and changing some settings in the CF Administrator, but it is not at all an effective tool for training developers or yourself in producing hack-proof ColdFusion applications.

Skip this one... It's not nearly worth the price.

10 of 20 people found the following review helpful:

5.0 out of 5 stars A MUST read for CF Developers, May 2, 2002

By A Customer

With the ease of ColdFusion comes many novice developers.
This book will help developers find their troubled security issues in their code.
Love this book.