Web Application Security, with a Focus on ColdFusion

Security is often overlooked in web application development. Web applications must be secured 'in depth' because they are dependent on the hardware, the OS, the web server, the database, the scripting language, and finally the application code. Although web application security is not product specific we will focus on the last two layers using ColdFusion (CF) and the code. This paper covers default installation, two-step attacks, remote development, and security holes in the code, input encryption, which are the major issues in most web applications.