Two-Factor Authentication with TOTP and CFML

A walkthrough of implementing two-factor authentication (2FA) with the Time-based One-Time Password (TOTP) algorithm in a CFML application running on the ColdBox MVC framework.
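For readers who want to see the algorithm before opening the post, here is a compact TOTP implementation with the server-side checks a 2FA login needs. This is an added example in Python, not the CFML code from the post: it implements HOTP (RFC 4226) and TOTP (RFC 6238) directly on top of HMAC, decodes the Base32 secret that authenticator apps use, and verifies a submitted code with a small clock-skew window, constant-time comparison and replay rejection. The shared secret used in the demo is the published RFC test secret (ASCII "12345678901234567890"), not a real key.

```python
"""TOTP (RFC 6238) on top of HOTP (RFC 4226), with the server-side checks a
2FA login needs: a clock-skew window, constant-time comparison and replay
rejection.  Added example; not the CFML code from the post."""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(key: bytes, counter: int, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(key, struct.pack(">Q", counter), algorithm).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, timestamp: Optional[float] = None, step: int = 30,
         digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 6238: HOTP with counter = floor(unix_time / step)."""
    if timestamp is None:
        timestamp = time.time()
    return hotp(key, int(timestamp // step), digits, algorithm)


def decode_base32_secret(secret: str) -> bytes:
    """Authenticator apps receive the shared secret as unpadded Base32 (often
    lower-cased or grouped with spaces for display); restore the padding."""
    cleaned = secret.replace(" ", "").strip().upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def verify_totp(key: bytes, submitted: str, last_counter: Optional[int] = None,
                timestamp: Optional[float] = None, window: int = 1,
                step: int = 30, digits: int = 6) -> Optional[int]:
    """Server-side check. Returns the matched time-step counter (persist it as
    the user's new last_counter) or None when the code is rejected.

    - accepts the current step and +/- `window` steps to tolerate clock skew
    - refuses any step <= last_counter so an observed code cannot be replayed
    - compares in constant time
    """
    if timestamp is None:
        timestamp = time.time()
    submitted = submitted.replace(" ", "")
    if not (submitted.isdigit() and len(submitted) == digits):
        return None
    current = int(timestamp // step)
    for counter in range(current - window, current + window + 1):
        if last_counter is not None and counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(key, counter, digits), submitted):
            return counter
    return None


if __name__ == "__main__":
    # Base32 form of the RFC 4226 / RFC 6238 test secret "12345678901234567890".
    key = decode_base32_secret("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    now = time.time()
    code = totp(key, now)
    print("current code:", code, "-> matched counter", verify_totp(key, code, timestamp=now))
```

The matched counter returned by `verify_totp` is the piece most implementations forget: store it per user and pass it back as `last_counter` on the next login, otherwise a code captured over the shoulder or by a phishing proxy stays valid for the whole window.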

OWASP TOP 10 2017 A2-Broken Authentication: Password Guidance

One of the recommendations I mention in OWASP TOP 10 2017 A2-Broken Authentication: Password Requirements is to give users guidance when they create passwords. Here I explore some ways of giving users feedback on the strength of their passwords.

Implementing a Weak Password Blocklist in CFML

The current password guidelines say to drop the complexity rules and instead keep a blocklist of weak, common, and compromised passwords that cannot be used when a user creates a new account. Here is a quick example of one way this could be implemented in CFML.

OWASP TOP 10 2017 A2-Broken Authentication: Password Requirements

Continuing the series on the OWASP Top 10, we now look at the #2 vulnerability on the list, Broken Authentication.

Secure CFML: OWASP TOP 10 2017 A1-Injection

In this post I focus on the #1 OWASP Top 10 vulnerability, Injection, and how to prevent it in CFML applications.