One of the recommendations I mention in OWASP TOP 10 2017 A2-Broken Authentication: Password Requirements is to provide guidance to your users when creating passwords. Here I attempt to explore some ways of implementing feedback to users on the strength of their passwords.
»
The new guidelines for password requirements say to drop all the complexity rules and to create a blocklist of weak, common, and compromised passwords that cannot be used when a user creates a new account. Here is a quick example of one way this could be implemented in CFML.
»
Continuing the series on the OWASP Top 10, now we look at the #2 OWASP vulnerability, which is Broken Authentication.
»
In this post, I will focus on the #1 OWASP vulnerability, which is Injection, and how to prevent it in CFML applications.
»
The book Accelerate: The Science of Lean Software and DevOps: Building and Scaling High Performing Technology Organizations by Nicole Forsgren Ph.D., Jez Humble, and Gene Kim warns that organizations should be learning continuous delivery so they do not fall behind in a world where IT is critical to remain competitive in any industry.
»
Here is an easy way to run CFLint on files from within ST2 or ST3 using build systems.
»
I created this gist that is a CommandBox Task Runner that takes a glob pattern and runs CFLint on any files that match.
»
In part I of this blog series we walked through using TestBox-Sna...
»
In my previous post, I discussed the importance of refactoring and a general workflow for using Approval Tests to be sure you...
»
Legacycode.rocks is a great resource for anyone working with legacy code. Aside from a ton of useful information, it is also motivational because they really try ...
»
Watching the keynote talks from this year’s Into the Box Conference gave me some inspiration to start learning more about running CFML applications in Docker. I currently run a Jekyll Docker image to ...
»
This is a script I wrote to quickly set up a new Mura 7 development server in CommandBox. It runs ...
»
In my previous blog posts I talked about working with streams in Node.js. I assumed I could do something similar working in CFML by using Java but had never attempted it. ...
»
In Adobe ColdFusion you can only return one record set from using cfquery or queryExecute. If you need to return multipl...
»
A quick tip for future Jason or anyone else who may work with ColdBox and legacy code (not MVC) running side-by-side. I found this well documented in the »