This is a valid RSS feed.
This feed is valid, but interoperability with the widest range of feed readers could be improved by implementing the following recommendations.
<?xml version="1.0" ?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<!-- RSS generated by Carehart.org/ugtv on Wed, 25 Jan 2023 06:00:00 GMT -->
<channel>
<title>UGTV Recorded Presentations - search for security</title>
<link>https://www.carehart.org/ugtv/list.cfm?search=security</link>
<description>Latest UGTV Recorded Presentations</description>
<language>en-us</language>
<copyright>Copyright 2025 Carehart.org</copyright>
<ttl>360</ttl>
<docs>https://www.carehart.org/ugtv/rss.cfm</docs>
<lastBuildDate>Wed, 25 Jan 2023 06:00:00 GMT</lastBuildDate>
<atom:link href="https://www.carehart.org/ugtv/rss.cfm?search%3Dsecurity" rel="self" type="application/rss+xml" />
<item>
<guid isPermaLink="false">2EFC63BD-7042-4484-BDB5-9BB11BA7EC79</guid>
<title>CF Online Summit 2022: Below the surface: web vulnerabilities hiding in your applications</title>
<description>Title: CF Online Summit 2022: Below the surface: web vulnerabilities hiding in your applications<br> Presenter: Brian Reilly <br> Date Recorded: Dec 09, 2022<br>Duration (hh:mm): 0:57<br>Submitter: charlie arehart<br><br>Description: <br>Congratulations! You&apos;ve patched your servers, fixed all of your XSS, cfqueryparam&apos;d away your SQL injections, federated your authentication, and all of your forms check CSRF tokens. But after you&apos;ve covered the basics, what may still be lurking out there in your applications? This talk will look at a few vulnerability classes that are sometimes missed and how they relate to ColdFusion applications. Examples will include Server Side Request Forgery, cryptographic attacks, and more. My goal for this talk is to raise awareness about what may be some application security blindspots for some ColdFusion developers. <br><br>Recording URL: https%3A%2F%2Fwww%2Eyoutube%2Ecom%2Fwatch%3Fv%3D8ksA9RfBrEE%26list%3DPL3iywAijqFoWt6%5FO%5FYBAW6RbmaJokrq%5FR</description>
<link>https://www.youtube.com/watch?v=8ksA9RfBrEE&list=PL3iywAijqFoWt6_O_YBAW6RbmaJokrq_R</link>
<pubDate>Wed, 25 Jan 2023 06:00:00 GMT</pubDate>
</item>
<item>
<guid isPermaLink="false">943497E1-23F7-4860-84DC-26E8FB9E3D6B</guid>
<title>CF Online Summit 2022: A Sneak Peek into ColdFusion Builder on VSCode</title>
<description>Title: CF Online Summit 2022: A Sneak Peek into ColdFusion Builder on VSCode<br> Presenter: Nikhil Dubey <br> Date Recorded: Nov 18, 2022<br>Duration (hh:mm): 1:11<br>Submitter: Charlie Arehart<br><br>Description: <br>In the session, Nikhil Dubey will be talking about the newly released VSCode Extension for CFML and how it makes CFML developers&apos; life easier. Starting briefly with some usage statistics and overview of plugin architecture, the talk will be throwing light on the value-adding features like code assist, code completion, formatting, navigation, etc. that the plugin offers. Unique features exclusive with Adobe plugin like RDS, Security Analyzer, Server Manager, Project Manager along with their utilities will be discussed in some details. A small demo will follow. Takeaways - Developers will be aware of various features available to make development effort smooth. They will also have an overall picture of how the extension is working internally. <br><br>Recording URL: https%3A%2F%2Fwww%2Eyoutube%2Ecom%2Fwatch%3Fv%3D90sOeP48TS0%26list%3DPL3iywAijqFoWt6%5FO%5FYBAW6RbmaJokrq%5FR</description>
<link>https://www.youtube.com/watch?v=90sOeP48TS0&list=PL3iywAijqFoWt6_O_YBAW6RbmaJokrq_R</link>
<pubDate>Tue, 29 Nov 2022 06:00:00 GMT</pubDate>
</item>
<item>
<guid isPermaLink="false">ED870F56-E8E2-4E0C-99F5-2E8BAB19D1B1</guid>
<title>CFMeetup: Avoiding Server-Side Request Forgery (SSRF) Vulns in CFML</title>
<description>Title: CFMeetup: Avoiding Server-Side Request Forgery (SSRF) Vulns in CFML<br> Presenter: Brian Reilly <br> Date Recorded: Nov 11, 2021<br>Duration (hh:mm): 1:00<br>Submitter: charlie arehart<br><br>Description: <br>Server-Side Request Forgery (SSRF) vulnerabilities allow an attacker to make arbitrary web requests (and in some cases, other protocols too) from the application environment. Exploiting these flaws can lead to leaking sensitive data, accessing internal resources, and under certain circumstances, remote command execution.
Several ColdFusion/CFML tags and functions can process URLs as file path arguments -- including some tags and and functions that you might not expect. If these tags and functions process unvalidated user-controlled input, this can lead to SSRF vulnerabilities in your applications. In addition to providing a list of affected tags and functions, I&apos;ll cover some approaches for identifying and remediating vulnerable code. My goal for this talk is to raise awareness about what may be a security blindspot for some ColdFusion/CFML developers. <br><br>Recording URL: https%3A%2F%2Fwww%2Eyoutube%2Ecom%2Fwatch%3Fv%3D%2Dwu6cRZcRx0%26list%3DPLG2EHzEbhy0%2DQirMKgSxhjkUyTSSTvHjL</description>
<link>https://www.youtube.com/watch?v=-wu6cRZcRx0&list=PLG2EHzEbhy0-QirMKgSxhjkUyTSSTvHjL</link>
<pubDate>Thu, 07 Jul 2022 05:00:00 GMT</pubDate>
</item>
<item>
<guid isPermaLink="false">2BC58F08-E95B-4B76-B717-5E6D8BBFDBB0</guid>
<title>CFMeetup: Approaches to more secure ColdFusion code</title>
<description>Title: CFMeetup: Approaches to more secure ColdFusion code<br> Presenter: Pete Freitag <br> Date Recorded: Oct 24, 2019<br>Duration (hh:mm): 1:00<br>Submitter: charlie arehart<br><br>Description: <br>Security is a topic we as developers love to ignore as much as possible, but as the number of attacks increase year over year we need to grab hold of the security in our apps. It can be difficult to secure large or legacy codebases, we&apos;ll look at some practical approaches to getting in there and making progress. We&apos;ll also review some of the top vulnerabilities to watch out for, which also provide a good starting point. <br><br>Recording URL: https%3A%2F%2Fexperts%2Eadobeconnect%2Ecom%2Fpa7gw4koa5ns%2F</description>
<link>https://experts.adobeconnect.com/pa7gw4koa5ns/</link>
<pubDate>Thu, 07 Jul 2022 05:00:00 GMT</pubDate>
</item>
<item>
<guid isPermaLink="false">C467F3F5-A7BB-4AFD-9898-0DC6EF47960A</guid>
<title>CFMeetup: Thinking about Server Performance</title>
<description>Title: CFMeetup: Thinking about Server Performance<br> Presenter: Robin Hilliard <br> Date Recorded: May 26, 2011<br>Duration (hh:mm): 1:00<br>Submitter: charlie arehart<br><br>Description: <br>Only a week after your site goes live your client rings you to say that customers are complaining that the site is too slow. A big advertising campaign is booked to go out next week, and what are you going to do about it? Didn&apos;t you tell us the performance was fine? (Of course you did some performance tests - well, you got the whole development team to fill in forms and follow links for half an hour on the staging server and nothing seemed to be too slow then - it must be the hosting companies&apos; fault...)
You&apos;re not alone. A lot of web sites go live without performance testing, either from a false sense of security created by snappy response times in development, a lack of testable performance requirements or not knowing how to translate development response times into production performance. As evidenced by the growing number of high profile Internet service performance stumbles in the last few years, something has to change.
In this presentation Robin will describe how to specify performance requirements, and how to relate them to single-user response times in development. To do this he will introduce you to an easy-to-use spreadsheet based on a branch of mathematics called queueing theory that he originally developed while working as a support engineer at Allaire. But more importantly, he will convince you that performance is critical to the success of server applications, and that predicting and fixing performance issues is much easier than you think. <br><br>Recording URL: https%3A%2F%2Fexperts%2Eadobeconnect%2Ecom%2Fp3cjzut3mwa%2F</description>
<link>https://experts.adobeconnect.com/p3cjzut3mwa/</link>
<pubDate>Thu, 07 Jul 2022 05:00:00 GMT</pubDate>
</item>
<item>
<guid isPermaLink="false">D2DDF2AF-31A4-47A8-9ECD-A7E37494D8DE</guid>
<title>CF Summit 2021: Tackling ColdFusion Security</title>
<description>Title: CF Summit 2021: Tackling ColdFusion Security<br> Presenter: Pete Freitag <br> Date Recorded: Dec 07, 2021<br>Duration (hh:mm): <br>Submitter: Charlie Arehart<br><br>Description: <br>Security can be a thorny and intimidating topic. Where do you start and what should you prioritize? In this talk, we had aim to set you on a path to improving the security of your ColdFusion Applications. <br><br>Recording URL: https%3A%2F%2Fvideo%2Etv%2Eadobe%2Ecom%2Fv%2F339407</description>
<link>https://video.tv.adobe.com/v/339407</link>
<pubDate>Fri, 25 Feb 2022 06:00:00 GMT</pubDate>
</item>
<item>
<guid isPermaLink="false">A908EDF8-6E96-42F9-8E48-A350E6B4DE5C</guid>
<title>CF Summit 2021: Building the Next Generation of Secure Developers</title>
<description>Title: CF Summit 2021: Building the Next Generation of Secure Developers<br> Presenter: Rey Bango <br> Date Recorded: Dec 08, 2021<br>Duration (hh:mm): <br>Submitter: Charlie Arehart<br><br>Description: <br>As companies migrate to more resilient cloud infrastructures, threat actors continue to turn their attention to the application landscape as the new entry point for compromising systems.
Despite cyberattacks happening at a pace of every 39 seconds, only 3% of U.S. bachelor's degree graduates have cybersecurity-related skills. While several factors play into this, the most glaring is that faculty just don't know about the security field, leading to gaps between academia and industry. Unfortunately, the gap has gotten wider due to constant changes and growing toolchains in software development.
This is compounded by a consistent lack of employee training in secure coding principles and how it applies to the software development life cycle, causing new entrants into software development to be ill-prepared to build secure systems.
This session delved into:
- The growing security challenges developers face today
- The current perceptions of “security” within the developer community
- The need for secure coding education at the university level
- Opportunities for learning secure coding in educational and corporate environments <br><br>Recording URL: https%3A%2F%2Fvideo%2Etv%2Eadobe%2Ecom%2Fv%2F339387</description>
<link>https://video.tv.adobe.com/v/339387</link>
<pubDate>Fri, 25 Feb 2022 06:00:00 GMT</pubDate>
</item>
<item>
<guid isPermaLink="false">0D175ABD-F77B-4288-A6C2-2967941779E7</guid>
<title>ColdFusion at 25: not the kid most have stuck in their minds</title>
<description>Title: ColdFusion at 25: not the kid most have stuck in their minds<br> Presenter: Charlie Arehart <br> Date Recorded: Jun 22, 2021<br>Duration (hh:mm): 1:04<br>Submitter: charlie arehart<br><br>Description: <br>As ColdFusion turns 26 next month, many seem stuck remembering it only as the &quot;teen&quot; they knew or even the &quot;child&quot;, when instead it&apos;s grown up to be a capable &quot;adult&quot;, impressive in many ways, and even more so recently. In this session, we&apos;ll look back at how CF has indeed evolved into a very capable platform, with quite modern features that seem to surprise many--including people working with it currently. If you struggle &quot;finding CF people&quot; or &quot;getting buy-in&quot;, perhaps these observations could help you with both challenges. If nothing else, they&apos;re things designed simply to help you get your job done, while keeping up with modern practices.
We&apos;ll start with many modern coding techniques--which will be familiar to those using more &quot;modern&quot; languages but that many don&apos;t realize CF supports, and may have for years. We&apos;ll then look at ways things such as CF installation/deployment, configuration/administration, monitoring, security, and more have improved over the years. And we&apos;ll look not only at CF itself but the community surrounding it, ranging from resources for help and learning to tools and services that others have created, making CF a far more complete ecosystem than most give it credit. Put another way: it&apos;s not your father&apos;s CF!
<br><br>Recording URL: https%3A%2F%2Fvideo%2Etv%2Eadobe%2Ecom%2Fv%2F334914</description>
<link>https://video.tv.adobe.com/v/334914</link>
<pubDate>Thu, 15 Jul 2021 05:00:00 GMT</pubDate>
</item>
<item>
<guid isPermaLink="false">DFAAC24F-398D-4624-ABBA-F36CBAA19EB6</guid>
<title>API's Part 5: Security and How to Protect Your Organization</title>
<description>Title: API's Part 5: Security and How to Protect Your Organization<br> Presenter: Brian Sappey <br> Date Recorded: May 13, 2021<br>Duration (hh:mm): 0:53<br>Submitter: charlie arehart<br><br>Description: <br>Get a detailed look at Adobe ColdFusion&apos;s security standards, with respect to your APIs and the API Manager. Learn about OAuth, along with the configuration of user stores, to secure your organization&apos;s services. (Part 5 was originally to be another session, to be held the day before, &quot;Policy Management and Access Controls&quot;, but it had to be postponed.) <br><br>Recording URL: https%3A%2F%2Fvideo%2Etv%2Eadobe%2Ecom%2Fv%2F333742</description>
<link>https://video.tv.adobe.com/v/333742</link>
<pubDate>Thu, 10 Jun 2021 05:00:00 GMT</pubDate>
</item>
<item>
<guid isPermaLink="false">F2163113-1666-4F80-9E16-A819B3E74EC3</guid>
<title>CFMeetup: Securing a ColdFusion Application with Fixinator & FuseGuard</title>
<description>Title: CFMeetup: Securing a ColdFusion Application with Fixinator & FuseGuard<br> Presenter: Pete Freitag <br> Date Recorded: Jan 28, 2021<br>Duration (hh:mm): 1:05<br>Submitter: charlie arehart<br><br>Description: <br>In this session we&apos;ll take a look at a ColdFusion application that is vulnerable to several security issues. We&apos;ll look at some of the security holes in the application, how they can be exploited. Finally we&apos;ll use FuseGuard to protect the application, and Fixinator to find and fix some of the vulnerabilities in the application. <br><br>Recording URL: https%3A%2F%2Fwww%2Eyoutube%2Ecom%2Fwatch%3Fv%3DmnWBb6Mm%5FpY%26list%3DPLG2EHzEbhy0%2DQirMKgSxhjkUyTSSTvHjL</description>
<link>https://www.youtube.com/watch?v=mnWBb6Mm_pY&list=PLG2EHzEbhy0-QirMKgSxhjkUyTSSTvHjL</link>
<pubDate>Thu, 28 Jan 2021 06:00:00 GMT</pubDate>
</item>
</channel>
</rss>
If you would like to create a banner that links to this page (i.e. this validation result), do the following:
Download the "valid RSS" banner.
Upload the image to your own server. (This step is important. Please do not link directly to the image on this server.)
Add this HTML to your page (change the image src
attribute if necessary):
If you would like to create a text link instead, here is the URL you can use: