OWASP TOP 10 2017 A2-Broken Authentication: Password Guidance

One of the recommendations I mention in OWASP TOP 10 2017 A2-Broken Authentication: Password Requirements is to provide guidance to your users when creating passwords. Here I attempt to explore some ways of implementing feedback to users on the strength of their passwords. »

Implementing a Weak Password Blocklist in CFML

The new guidelines for password requirements say to drop all the complexity rules and to create a blocklist of weak, common, and compromised passwords that cannot be used when a user creates a new account. Here is a quick example of one way this could be implemented in CFML. »

OWASP TOP 10 2017 A2-Broken Authentication: Password Requirements

Continuing the series on the OWASP Top 10, we now look at the #2 OWASP vulnerability, which is Broken Authentication. »

Secure CFML: OWASP TOP 10 2017 A1-Injection

In this post, I will focus on the #1 OWASP vulnerability which is Injection and how to prevent it in CFML applications. »

Accelerate: The Science of Lean Software and DevOps: Building and Scaling High Performing Technology Organizations

The book Accelerate: The Science of Lean Software and DevOps: Building and Scaling High Performing Technology Organizations by Nicole Forsgren Ph.D., Jez Humble, and Gene Kim warns that organizations should be learning continuous delivery so they do not fall behind in a world where IT is critical to remain competitive in any industry. »

Linting Your CFML code with CFLint and Sublime Text Build Systems

Here is an easy way to run CFLint on files from within ST2 or ST3 using build systems. »

Example of Using a CommandBox Task Runner to Run CFLint

I created this gist that is a CommandBox Task Runner that takes a glob pattern and runs CFLint on any files that match. »

Refactoring Legacy CFML with Approval Tests: Part II

In part I of this blog series we walked through using TestBox-Sna... »

Refactoring Legacy CFML with Approval Tests: Part I

In my previous post, I discussed the importance of refactoring and a general workflow for using Approval Tests to be sure you... »

Refactoring Legacy Code with Approval Tests

Legacycode.rocks is a great resource for anyone working with legacy code. Aside from a ton of useful information, it is also motivational because they really try ... »

Playing Around with CFML and Docker: First Steps

Watching the keynote talks from this year’s Into the Box Conference gave me some inspiration to start learning more about running CFML applications in Docker. I currently run a Jekyll Docker image to ... »

Mura 7 Development with CommandBox

This is a script I wrote to quickly set up a new Mura 7 development server in CommandBox. It runs ... »

Working with File Streams in CFML/Java

In my previous blog posts I talked about working with streams in Node.js. I assumed I could do something similar working in CFML by using Java but had never attempted it. ... »

Return Multiple Record Sets from a Query in Coldfusion

In Adobe Coldfusion you can only return one record set from using cfquery or queryExecute. If you need to return multipl... »

Executing Coldbox Events in Legacy Code

A quick tip for future Jason or anyone else who may work with Coldbox and legacy code (not MVC) running side-by-side. I found this well documented in the »