Is Your ColdFusion Server Secure?
We've helped secure over 7600 ColdFusion servers.
What are the top ColdFusion Experts Saying About Hack My CF?
Ray Camden: Let me just say again - HackMyCF.com is one of the best things to happen to ColdFusion. Ever. After my beard of course.
Ben Forta: Running a ColdFusion server? I strongly suggest you run this against it: http://hackmycf.com/
Charlie Arehart: If you've not yet run free http://www.hackmycf.com (from @foundeo, @pfreitag) against your server, what are you waiting for?
Mark Drew: Awesome CF Security checking service...
Matt Gifford: HackMyCF.com ... it just works - beautifully well. Thank you @foundeo and @pfreitag
Luis Majano: Just scanned my #ColdFusion Server with http://hackmycf.com/ I recommend it for all CF users
How Does it Work?
We make a series of requests to your web site looking for the absence of security hotfixes. This tool will place a very small amount of load on your server. None of the requests we make will compromise your server.
Also be sure to check out our paid subscription plans for automated scanning (daily, weekly, monthly) and more features.
What Can It Find?
We can detect insecure configuration settings and the absence of several security hotfixes. Here are some of the things we can detect:
- ColdFusion 9.0.1 and Below Path Traversal Vulnerability (APSB10-18, CVE-2010-2861)
- ColdFusion 9 Solr Service Exposed (APSB10-04, CVE-2010-0185)
- ColdFusion 9, 8, 7 BlazeDS XML External Entity Injection Vulnerability (CVE-2009-3960, APSB10-05)
- ColdFusion 8 FCKeditor Vulnerability (APSB09-09, CVE-2009-2265)
- Apache Double Encoded Null Byte Vulnerability (APSB09-12, CVE-2009-1876)
- Cross Site Scripting Vulnerabilities (APSB09-09, CVE-2009-1877 and CVE-2009-1872)
- And More
Check back as we are always looking to add more detectors.
Who built this site?
This site was built by Foundeo Inc., a Consulting & Products company specializing in ColdFusion Security.
Foundeo also sells a Web Application Firewall for ColdFusion providing an added layer of protection for your ColdFusion applications. It helps protect your ColdFusion applications from Cross Site Scripting, SQL Injection, and more.
Need Help Securing your Server?
Contact Foundeo Inc. We can help you apply the necessary ColdFusion hotfixes, configure the ColdFusion administrator, and more.
© 2009-2013 Foundeo Inc. | ColdFusion is a registered trademark of Adobe Systems Inc.

