pentests on cfwheels?


Mike Henke

Apr 6, 2011, 11:37:17 AM
to ColdFusion on Wheels
Anyone have an established company do penetration testing against an
application in Wheels?

John Blayter

Apr 6, 2011, 2:42:24 PM
to cfwh...@googlegroups.com, Mike Henke
I've had a couple of scans on one of my Wheels sites. I have integrated
FuseGuard so that stopped most of the penetration tests dead in their
tracks before they got to the Wheels app.

The best $350 you can spend on securing your application.
FuseGuard
http://foundeo.com/security/

John Blayter
Land line: 303.731.3009
Mobile: 303.325.1979
http://www.blayter.com/john/

Denver ColdFusion User Group Manager
http://denvercfug.org/

On Wed, Apr 6, 2011 at 9:37 AM, Mike Henke <henk...@gmail.com> wrote:
> Anyone have an established company do penetration testing against an
> application in Wheels?

John C Bland II

Apr 6, 2011, 2:49:49 PM
to cfwh...@googlegroups.com
Did you ever find a case where it blocked something legit?

Mike Henke

Apr 6, 2011, 3:01:42 PM
to ColdFusion on Wheels
I guess I was talking not so much about vulnerability scans with
products like Qualys but Grey Hat Hacking techniques using proxies to
manipulate page requests, etc.

On Apr 6, 1:49 pm, John C Bland II <johncblan...@gmail.com> wrote:
> Did you ever find a case where it blocked something legit?
>
> On Apr 6, 2011, at 1:42 PM, John Blayter wrote:
>
> > I've had a couple of scans on one of my Wheels site. I have integrated
> > FuseGuard so that stopped most of the penetration tests dead in its
> > tracks before it got to the Wheels app.
>
> > The best $350 you can spend on securing your application.
> > FuseGuard
> > http://foundeo.com/security/
>
> > John Blayter
> > Land line: 303.731.3009
> > Mobile: 303.325.1979
> > http://www.blayter.com/john/
>
> > Denver ColdFusion User Group Manager
> > http://denvercfug.org/
>
> > On Wed, Apr 6, 2011 at 9:37 AM, Mike Henke <henkem...@gmail.com> wrote:
> >> Anyone have an established company do penetration testing against an
> >> application in Wheels?

John Blayter

Apr 6, 2011, 3:23:33 PM
to cfwh...@googlegroups.com, John C Bland II
When I first add it to an application I have it log what it finds and
not block anything. I was able to look at the logs and keep
adjusting the settings on what it was blocking and what it was letting
through so when I turned on the blocking I was 99% certain that I was
not going to be blocking any normal user interactions. I have not had
any complaints from users that it blocked them from doing some action
on the site.

Denver ColdFusion User Group Manager
http://denvercfug.org/
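
The log-first rollout described in the message above, as an added example that is not part of the original thread and does not use FuseGuard's API: a toy request filter runs in log-only mode over normal traffic, the rules that fired on it are tuned out, and only then is blocking switched on. The rule names, patterns and sample requests are constructed for illustration.

```python
import re
from collections import Counter

# Hypothetical rules for illustration; a real filter ships far more thorough ones.
RULES = {
    "xss_script_tag": re.compile(r"<\s*script", re.I),
    "sqli_union_select": re.compile(r"\bunion\b.+\bselect\b", re.I),
    "sql_keyword": re.compile(r"\b(select|drop|delete)\b", re.I),  # deliberately too broad
}

def inspect(params, disabled=()):
    """Return the sorted names of enabled rules matching any parameter value."""
    return sorted({name for name, rx in RULES.items() if name not in disabled
                   for value in params.values() if rx.search(value)})

def handle(request, mode, log, disabled=()):
    """mode='log' records hits and lets the request through; mode='block' rejects it."""
    hits = inspect(request["params"], disabled)
    if hits:
        log.append({"path": request["path"], "rules": hits, "mode": mode})
    return "blocked" if hits and mode == "block" else "allowed"

def hits_per_rule(log):
    """Count how often each rule fired, to find rules that trip on normal use."""
    return Counter(rule for entry in log for rule in entry["rules"])

# Constructed sample: known-good requests seen during the log-only phase.
LEGIT = [
    {"path": "/posts/create", "params": {"title": "Please select a delete option"}},
    {"path": "/users/search", "params": {"q": "blayter"}},
]
# Constructed sample: the kind of input a scanner submits.
PROBES = [
    {"path": "/users/search", "params": {"q": "<script>alert(1)</script>"}},
    {"path": "/posts/show", "params": {"key": "1 UNION SELECT password FROM users"}},
]

def tune_then_enforce():
    """Phase 1: log only. Phase 2: disable rules that fired on legit traffic, then block."""
    log = []
    for request in LEGIT:
        handle(request, "log", log)
    noisy = tuple(hits_per_rule(log))  # simplest tuning: switch the noisy rule off
    results = [handle(r, "block", [], disabled=noisy) for r in LEGIT + PROBES]
    return noisy, results

if __name__ == "__main__":
    print(tune_then_enforce())
```

Had blocking been enabled from the start, the first known-good request would have been rejected by the over-broad `sql_keyword` rule; the log-only phase is what surfaces that.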

John C Bland II

Apr 6, 2011, 3:25:00 PM
to cfwh...@googlegroups.com
Good stuff. Thanks Blayter!

Alfredo Baraldi

Sep 22, 2011, 10:32:55 AM
to cfwh...@googlegroups.com
Does anyone have specific information on how to use FuseGuard and integrate it into Wheels?


2011/4/6 John C Bland II <johncb...@gmail.com>

tpet...@gmail.com

Sep 22, 2011, 11:12:24 AM
to ColdFusion on Wheels
I'm very curious about what FuseGuard would block to help secure a site.
To me the biggest things are XSS and SQL injections, both of which
Wheels takes care of with the h() and the ORM. What others are people
worried about and what can we put into Wheels to address these
concerns? Security is always a top priority.

On Sep 22, 10:32 am, Alfredo Baraldi <alfredo.bara...@gmail.com> wrote:
> Does anyone have specific information on how to use and its integration into
> FuseGuard Wheel?
>
> 2011/4/6 John C Bland II <johncblan...@gmail.com>
>
> > Did you ever find a case where it blocked something legit?
>
> > On Apr 6, 2011, at 1:42 PM, John Blayter wrote:
>
> > > I've had a couple of scans on one of my Wheels site. I have integrated
> > > FuseGuard so that stopped most of the penetration tests dead in its
> > > tracks before it got to the Wheels app.
>
> > > The best $350 you can spend on securing your application.
> > > FuseGuard
> > > http://foundeo.com/security/
>
> > > John Blayter
> > > Land line: 303.731.3009
> > > Mobile: 303.325.1979
> > > http://www.blayter.com/john/
>
> > > Denver ColdFusion User Group Manager
> > > http://denvercfug.org/
>

Alfredo Baraldi

Sep 22, 2011, 2:30:35 PM
to cfwh...@googlegroups.com


2011/4/6 Mike Henke <henk...@gmail.com>
Anyone have an established company do penetration testing against an
application in Wheels?