foundeo / cfml-security-training

Licence: Apache-2.0 license
An INSECURE example website for use in CFML security training.

Projects that are alternatives of or similar to cfml-security-training

core
FarCry Core: a web app framework for the ColdFusion language (supporting Lucee & Adobe ColdFusion engines). An ideal platform for building bespoke or tailor made solutions.
Stars: ✭ 34 (+30.77%)
Mutual labels:  coldfusion, cfml
cfml-tags-to-cfscript
A collection of examples defining how to convert CFML code blocks written in tags to CFScript.
Stars: ✭ 30 (+15.38%)
Mutual labels:  coldfusion, cfml
TestBox
TestBox is a next generation testing framework for ColdFusion (CFML) that is based on BDD (Behavior Driven Development) for providing a clean obvious syntax for writing tests. It also includes MockBox, our mocking and stubbing framework.
Stars: ✭ 54 (+107.69%)
Mutual labels:  coldfusion, cfml
bolthttp
A HTTP Client for CFML
Stars: ✭ 28 (+7.69%)
Mutual labels:  coldfusion, cfml
messaging-polyglot
RabbitMQ Messaging Polyglot with Java, ColdFusion, CommandBox, Groovy and more
Stars: ✭ 18 (-30.77%)
Mutual labels:  coldfusion, cfml
lucee-docs
Source and build scripts for Lucee's documentation.
Stars: ✭ 39 (+50%)
Mutual labels:  coldfusion, cfml
cfwheels-example-app
A CFWheels 2.x App with user management, role based permissions and password resets
Stars: ✭ 17 (-34.62%)
Mutual labels:  coldfusion, cfml
Slatwall
Slatwall - An Open Source Commerce Platform
Stars: ✭ 136 (+423.08%)
Mutual labels:  coldfusion
coldfusion-10-11-xss
Proof of Concept code for CVE-2015-0345 (APSB15-07)
Stars: ✭ 22 (-15.38%)
Mutual labels:  coldfusion
Di1
DI/1 - Inject One - is a very lightweight, convention over configuration, dependency injection (inversion of control) framework for ColdFusion / CFML.
Stars: ✭ 109 (+319.23%)
Mutual labels:  coldfusion
Mach Ii Framework
Mach-II is a web-application framework focused on easing software development and maintenance.
Stars: ✭ 93 (+257.69%)
Mutual labels:  coldfusion
cf-mailchimp
ColdFusion wrapper for the MailChimp 3.0 API
Stars: ✭ 17 (-34.62%)
Mutual labels:  coldfusion
Taffy
🍬 The REST Web Service framework for ColdFusion and Lucee
Stars: ✭ 218 (+738.46%)
Mutual labels:  coldfusion
Razuna
This is the source code for the famous open source digital asset management - Razuna
Stars: ✭ 144 (+453.85%)
Mutual labels:  coldfusion
Hoth
Exception tracking for ColdFusion.
Stars: ✭ 126 (+384.62%)
Mutual labels:  coldfusion
sonar-coldfusion
SonarQube ColdFusion Analyzer
Stars: ✭ 25 (-3.85%)
Mutual labels:  coldfusion
Cfstatic
CfStatic is a framework for managing the inclusion and packaging of CSS and JavaScript in CFML applications.
Stars: ✭ 102 (+292.31%)
Mutual labels:  coldfusion
Cfwheels
An open source ColdFusion framework inspired by Ruby on Rails.
Stars: ✭ 188 (+623.08%)
Mutual labels:  coldfusion
Cflint
Static code analysis for CFML (a linter)
Stars: ✭ 156 (+500%)
Mutual labels:  coldfusion
Coldbox Platform
A modern, fluent and conventions based HMVC framework for ColdFusion (CFML)
Stars: ✭ 220 (+746.15%)
Mutual labels:  coldfusion

cfml-security-training

This is a CFML web application that intentionally contains many security vulnerabilities for training purposes. It is used in Foundeo's ColdFusion Security Training Course.

Here's a listing of some of the vulnerabilities you can find in this application:

  • SQL Injection
  • Cross Site Scripting (XSS)
  • Path Traversals
  • Remote Code Execution
  • File Upload Vulnerabilities
  • Insecure Password Storage
  • Cross Site Request Forgery
  • Insufficient Authentication/Authorization
  • Timing Attacks

Setup / Installation

Please run this in a virtual machine and keep it restricted to localhost so you do not compromise your computer.

Requires CF11+ or Lucee 4.5+.

Clone / Download Repository

cd /somewhere/
git clone https://github.com/foundeo/cfml-security-training.git .

Install CommandBox

We'll use CommandBox (or box for short) to spin up a local CFML server. You can download it here: https://www.ortussolutions.com/products/commandbox#download; please read the CommandBox installation docs for more info.

Start CFML Server

Start up a CFML server; using CommandBox you can just do:

cd wwwroot
box server start cfengine=adobe@2016

The above will start up a ColdFusion 2016 server on a random port number and open your default web browser to the server.

Optional: MySQL Setup

By default it is set up to use Apache Derby, which should work well for Adobe ColdFusion engines (since Derby is included by default). If you are using Lucee, or want to use MySQL instead of Derby, please follow these instructions:

  1. Create an empty database called bankofinsecurity

  2. Create a user account bankofi with password bankofi

  3. If running on Adobe ColdFusion you will need to add the MySQL database driver (JAR) to the lib directory of the CommandBox server at ~/.CommandBox/server/{server-id}/adobe-{version}/WEB-INF/lib

History / About

Some of this work was inspired by the HackableType application built by Pete Freitag & Jason Dean back in 2010. This project is an attempt to modernize and simplify it.

If you are in need of CFML security training at your organization, please contact Foundeo Inc.