As a Federal IT contractor, especially one focused on Web Application Development and Cyber Security, DIT has followed the OPM breach closely. As noted in various news reports, congressional testimony, and IG findings, one of the affected systems was a web application written in ColdFusion. Knowing that incidents like the OPM breach are often catalysts for (sometimes radical) IT change, we set about writing a white paper to address actual and perceived security issues with using ColdFusion. Our hope is that it can help decision makers in any organization using ColdFusion reach logical and informed decisions with regard to their Web Applications.
In the attached white paper, we attempt to explain the architecture and security implications of using ColdFusion. We explain why securing ColdFusion is no more difficult than securing any other web application platform, and that in general ColdFusion has a very good history with security vulnerabilities and patches compared to many other platforms.
If you have further questions about Cyber Security, especially as it relates to ColdFusion and other Web Applications, please contact us. Our Application Development and Security experts would be happy to discuss your specific situation with you.