Apr 26, 2014

ColdFusion Security Statistics Report 2014 - My look

The 2014 Website Security Statistics Report was released a few days back. It gives brief information about security issues related to all web technologies.

Here are a few points, and some care we need to take:

1. ColdFusion is the 5th most widely used language.
2. But the main point in the report, which makes me sad, is: "10.59% of ColdFusion sites had at least one SQL Injection vulnerability, the highest among all Programming Languages"

Who is responsible?

Yes, we developers, who are not writing secure CFML code to stop SQL injection vulnerabilities.
Not using QueryParam is not at all acceptable in the CF world.

Writing a parameterized query can stop most SQL injection vulnerabilities. Please follow it.
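What that looks like in CFML, as an added example that is not from the report or the original post: an unparameterized query, the same query using cfqueryparam, and the allowlist needed for ORDER BY, which is one of the cases a bound parameter cannot cover. The datasource `appDSN`, the `users` table and its columns, and the request field names are hypothetical.

```cfml
<!--- Added example; datasource "appDSN", table "users", its columns and the
      url/form field names are hypothetical. --->

<!--- BEFORE: the request value is concatenated into the SQL text, so the
      database parses whatever the client sent as part of the statement. --->
<cfquery name="qUserUnsafe" datasource="appDSN">
    SELECT id, email, role_id
    FROM users
    WHERE id = #url.id#
</cfquery>

<!--- AFTER: each value is sent as a bound parameter with a declared type.
      A non-numeric url.id raises an error instead of reaching the database. --->
<cfquery name="qUser" datasource="appDSN">
    SELECT id, email, role_id
    FROM users
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
      AND email = <cfqueryparam value="#form.email#" cfsqltype="cf_sql_varchar" maxlength="254">
</cfquery>

<!--- IN (...) lists: list="true" binds every element as its own parameter. --->
<cfquery name="qByRole" datasource="appDSN">
    SELECT id, email
    FROM users
    WHERE role_id IN (<cfqueryparam value="#form.roleIds#" cfsqltype="cf_sql_integer" list="true">)
</cfquery>

<!--- Column names and sort direction cannot be bound as parameters.
      Map the request value onto a fixed allowlist and fall back to a default. --->
<cfset sortable = { "email" = "email", "created" = "created_at" }>
<cfset sortColumn = "created_at">
<cfif structKeyExists(url, "sort") and structKeyExists(sortable, url.sort)>
    <cfset sortColumn = sortable[url.sort]>
</cfif>
<cfset sortDir = (structKeyExists(url, "dir") and url.dir eq "asc") ? "ASC" : "DESC">

<cfquery name="qSorted" datasource="appDSN">
    SELECT id, email, created_at
    FROM users
    WHERE role_id = <cfqueryparam value="#form.roleId#" cfsqltype="cf_sql_integer">
    ORDER BY #sortColumn# #sortDir#
</cfquery>
```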

3. XSS (46%), SQL Injection (11%) and Information Leakage (24%) vulnerabilities are major concerns.

I hope we will write secure CFML code and protect our ColdFusion Server to prevent such vulnerabilities in future.