This document discusses how to lock down ColdFusion servers through securing the installation, post-installation configuration, and settings in the ColdFusion Administrator. It recommends following principles of least privilege, defense in depth, and reducing the attack surface. Specific steps include installing only necessary components, disabling unneeded servlets, restricting file permissions, updating to the latest JVM, securing sessions, and locking down the ColdFusion Administrator interface. The overall goal is to grant only the minimum permissions required to operate ColdFusion securely.
Can you contain the future - Docker, Container Technologies, The Future, and YouColdFusionConference
Linux containers and Docker have been all the rage in sysOps for quite some time now. Come to this session to learn about how you can or if you should be using them, and to learn about container technologies, how thy differ from VMs and if they truly are the future. Take a look at Docker basics and get an understanding of how it can be used as part of your workflow, not just for development, but for production deployments as well. We will also bust some Myths surrounding container technologies and Docker.
Prepare to be surprised! In this talk, veteran CF troubleshooter and presenter Charlie Arehart will continue his tradition of identifying hidden gems, this time in CF 2016 (formerly known as CF12, or code-name, Raijin). Sure, we hear all about the big, new features, or some that wow certain developers (or disappoint others), but in every release of CF there are always lots of little things that go unheralded and that may be just what you've been waiting for or may delight you, and this is just as true in CF2016. Some may solve a long-standing problem for you, or provide a new technique, whether related to coding, troubleshooting, administration, enterprise integration, and more.
In The Trenches With Tomster, Upgrading Ember.js & Ember DataStacy London
A few months after I started working with Ember.js & Ember Data at my new job we began a project to upgrade both. There were parts that were a breeze and others that were quite tricky. This talk walks you through some of the challenges we faced and how we solved them as well as how we began to prepare for the Ember 2.x architectural shift. Hopefully this talk will help save you some time when you decide to upgrade your Ember web application.
Presented at Open CF Summit 2012. Discusses options for adding WebSockets support to the different ColdFusion engines, both open source and commercial.
Can you contain the future - Docker, Container Technologies, The Future, and YouColdFusionConference
Linux containers and Docker have been all the rage in sysOps for quite some time now. Come to this session to learn about how you can or if you should be using them, and to learn about container technologies, how thy differ from VMs and if they truly are the future. Take a look at Docker basics and get an understanding of how it can be used as part of your workflow, not just for development, but for production deployments as well. We will also bust some Myths surrounding container technologies and Docker.
Prepare to be surprised! In this talk, veteran CF troubleshooter and presenter Charlie Arehart will continue his tradition of identifying hidden gems, this time in CF 2016 (formerly known as CF12, or code-name, Raijin). Sure, we hear all about the big, new features, or some that wow certain developers (or disappoint others), but in every release of CF there are always lots of little things that go unheralded and that may be just what you've been waiting for or may delight you, and this is just as true in CF2016. Some may solve a long-standing problem for you, or provide a new technique, whether related to coding, troubleshooting, administration, enterprise integration, and more.
In The Trenches With Tomster, Upgrading Ember.js & Ember DataStacy London
A few months after I started working with Ember.js & Ember Data at my new job we began a project to upgrade both. There were parts that were a breeze and others that were quite tricky. This talk walks you through some of the challenges we faced and how we solved them as well as how we began to prepare for the Ember 2.x architectural shift. Hopefully this talk will help save you some time when you decide to upgrade your Ember web application.
Presented at Open CF Summit 2012. Discusses options for adding WebSockets support to the different ColdFusion engines, both open source and commercial.
Recent Heart Bleed gives us a sign that how much Security was important. Security is not only dependent on your Scripting Language, Application code and Database. There are lots of Backdoor Vulnerability which may comes from Web Server and will be unknown to you.This presentation will focus on learning how we can protect our ColdFusion Applications from such Vulnerability.
Setting up your Multi Engine Environment - Apache Railo and ColdFusionGavin Pickin
Presented at cf.Objective() May 2014.
More info and resources related to presentation available here
http://www.gpickin.com/cfo2014/
Description of Target Audience
Are you a developer looking to setup Multiple CFML Engines in your Development or Server Environment, and after reading all of the different blogs out there, just want a walk through, to help clear things up, well, this session is for you.
Assumed Knowledge
None required, although basic installation / configuration or a web server and cfml engine would be easier to follow along.
Objective of the Topic
To give the audience all the knowledge and resources they need to be able to go home and install their own multiple cfml engine environment.
This topic will help walk the audience through dos and don'ts, and with a step by step on how to get Apache, Railo and Coldfusion to all play nicely together. There are many blogs out there showing users how to set up one engine, or another, but this session will help clear up the process. We will install Apache and connect to Coldfusion, Railo and a Railo Cluster, and install a small App to help manage the Websites, Apache, and Connectors, to save you diving into the CONF files continuously.
Why am I qualified to Present
I have been programming Coldfusion for over 14 years, and having been Team Lead and responsible for Server Install, Maint and Configuration for the last 13 years at 2 companies, I have been involved with the day to day coding in Coldfusion, but also the one in the firing line if Coldfusion server is not performing as required.
Recently my team and I have undertaken a migration Project of 100+ CFML websites (varying types and age), in which testing multiple CFML engines was required, I setup our Dev Staging and Production servers, as well as our Local Developer environments.
I built a couple of tools to help manage the setup, which I will share with the audience.
What Will the Audience Learn
- Basic Apache Config
- How to Install Coldfusion and extract the Connector
- How to Install Railo (instances) and extract the Connector
- How to Setup and Connect to a Railo Cluster
- How to edit the Apache and Tomcat Conf files to make them easier to maintain
- How to use my small App to Manage the Apache / Tomcat configurations
How to test if Cloudflare is running live for your websiteVu Long Tran
This is a guide on how to test if Cloudflare is running live for your website, including creating a har file and finding the ray ID to help with troubleshooting issues with Cloudflare Support
High Performance Wordpress: “Faster, Cheaper, Easier : Pick Three”Valent Mustamin
High Performance Wordpress: “Faster, Cheaper, Easier : Pick Three”
, by Harry Sufehmi (http://twitter.com/sufehmi), for WORDCAMPID - WordCamp Indonesia 2010. Auditorium Gunadarma University, Depok, January 30, 2010
AEM (CQ) Dispatcher Security and CDN+Browser CachingAndrew Khoury
This presentation cover Adobe AEM Dispatcher security and CDN and browser caching.
This presentation is the second part of a webinar on AEM Dispatcher:
http://dev.day.com/content/ddc/en/gems/dispatcher-caching---new-features-and-optimizations.html
Visit url above to view the whole presentation. Domique Pfister the primary engineer developing AEM Dispatcher covers the first part on new features.
Logging is important for troubleshooting a DNS service. Conveniently with BIND 9, almost all problems will show up somewhere in the log output, but only if the logging is enabled and configured correctly.
In this webinar, we’ll discuss the BIND 9 logging configuration and best practices in searching through large log-files to find the entries of interest. In addition, we’ll release log-management tools used by Men & Mice Services.
PHP is a first class citizen on IIS. A lot has been done in order to make sure that PHP can work well and fast on Windows. We will start by installing PHP with PHP Manager and discussing all the options including what thread safe vs non thread safe and VC6 vs VC9 means. Next we'll take a look at how to optimize the FastCGI IIS extension that Microsoft and Zend developed to provide a secure and performant environment for PHP applications. The last part of this webcast will show how to build PHP with Profile Guided Optimizations (PGO), a technique that can provide a significant performance boost in a wide range of applications.
Webinar Slides: New Tungsten Dashboard - Overview, Installation and ArchitectureContinuent
Tungsten Dashboard is our graphical user interface (GUI) for managing your Tungsten MySQL clusters interactively using a web browser, on your desktop, laptop, tablet or mobile. In our session, we'll provide a Tungsten Dashboard overview and discuss architecture, pre-requisites and security limitations.
AGENDA
- Configure the Tungsten Cluster Manager API
- Install and configure the Tungsten Dashboard
- Configure the Apache 2.4 web server
- Test connectivity to the Tungsten Manager API directly
- Install and configure HA proxy
- Test connectivity to the Tungsten Manager API via HA proxy
- Access the Tungsten Dashboard via a browser
Training Slides: Basics 106: Tungsten Dashboard Overview, Installation and Ar...Continuent
In this training session, we'll provide a Tungsten Dashboard overview and discuss architecture, pre-requisites and security limitations. A simple GUI management tool for Tungsten Clustering for MySQL / MariaDB / Percona Server, the Dashboard is usually installed on a standalone web server with HAProxy installed. This training session uses an example of a 6-node composite cluster.
AGENDA
- Tungsten Dashboard Welcome
- Tungsten Dashboard Overview
- Tungsten Dashboard Prerequisites
- Tungsten Dashboard Security Limitations
- Configure the Tungsten Cluster Manager API
- Test Connectivity to the Tungsten Manager API Directly
- Install the Tungsten Dashboard
- Install and Configure the Apache 2.4 Web Server
- Configure the Tungsten Dashboard
- Install and Configure HAProxy
- Test Connectivity to the Tungsten Manager API via HAProxy
- Access the Tungsten Dashboard GUI via a Browser
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Locking Down CF Servers
1. Locking Down CF Servers
Pete Freitag, Foundeo Inc.
foundeo.com | hackmycf.com | fuseguard.com
2. About Pete Freitag
✤ Owner of Foundeo Inc.
✤ HackMyCF - Remote ColdFusion Security Scanner
✤ FuseGuard - Web App Firewall for CFML
✤ Consulting - Install, Configure, Review, CFML Dev
✤ 17+ Years working with CF
✤ Author of CF9-11 Lockdown Guides, CFMX Cookbook (SAMs)
✤ blog: petefreitag.com twitter: @pfreitag slack: @foundeo
3. Our FocusToday
✤ Securing your ColdFusion Server Install
✤ Not covering:
✤ Hardening Your Operating System
✤ Database Security
✤ Securing your Application Source Code
5. Heavily Based on:
✤ Adobe ColdFusion 11 Lockdown Guide: http://bit.ly/cf11lockdown
✤ Adobe ColdFusion 10 Lockdown Guide: http://bit.ly/cf10lockdown
✤ Adobe ColdFusion 9 Lockdown Guide: http://bit.ly/cf9lockdown
✤ This talk assumes CF11, but is mostly the same for CF10 as well
✤ CF9 and below are no longer supported (no more security patches)
6. Why Do I need
to Lockdown
my install?
Can't the installer do everything for me?
What is secure?
What tradeoffs are acceptable?
(cc) http://www.flickr.com/photos/toddler/4169974226/
7. Principal of
Least Privilege
Grant only the minimum permission
required to accomplish a task.
(cc) http://www.flickr.com/photos/dvanzuijlekom/8279837896/in/photostream/
12. Services I Like:
✤ Duo Security: Two Factor
Authentication
✤ (RDP, SSH)
✤ Dome9: Cloud Firewall
✤ Easily grant temporary
access to administrative
ports.
13. Pre-Installation
✤ Lockdown and Patch OS
✤ OS Vendors have Lockdown Guides as well.
✤ https://access.redhat.com/documentation/en-US/
Red_Hat_Enterprise_Linux/6/html/Security_Guide/
✤ Windows Security Compliance Toolkit: http://
technet.microsoft.com/en-us/library/cc677002.aspx
✤ Ensure network firewall in place.
✤ Remove all unnecessary software.
14. Pre-Installation
✤ Windows: Create multiple
partitions OS, CF, Web Root.
✤ Limits impact of a path
traversal vulnerability.
✤ Create a user account for CF
to run as.
23. Post-Install
✤ Install any/all CF security
hotfixes and updates.
✤ Install / Update Web Server
connectors
✤ Configure administrator
settings.
24. Accessing CF Administrator
✤ Setup webserver (IIS / Apache)
✤ IP Restrictions, SSL, Additional User Auth
✤ or Use Builtin Web Server
25. Using BuiltinWeb Server
✤ Pro: Easy /CFIDE block
✤ Con: Harder to configure SSL, Virtual Directories, IP Restrictions
✤ Works well if using RDP to access from localhost, or setting up ssh
tunneling on unix
✤ If you need to access from public network, create a dedicated site,
use SSL, IP restrictions, etc.
26. Block /CFIDE
✤ If possible block all CFIDE
✤ If partially required block everything else.
✤ Block server wide, not by virtual host
✤ Always Restrict:
✤ /CFIDE/administrator
✤ /CFIDE/adminapi
✤ CF11 no longer has /CFIDE/GraphData.cfm
27. X
Red = Should be blocked
Orange = Block if possible
Yellow = Low risk but can be blocked
33. Restrict File Extensions
✤ By Folder (user upload directories):
✤ Eg: Restrict folder to serve only jpg, png, gif files.
✤ Can be done globally or on site specific as well
✤ The /jakarta virtual directory needs dll extension
34. Dedicated User Account
✤ Windows: Change Service Log On identity. Otherwise CF runs with
full permission to everything.
✤ Unix: The installer allows you to specify a user to run CF as.
✤ The default nobody user is probably not the best choice as other
services might share this account.
35. File System Permissions
Path CF User Permissions
Web Server User
Permissions
Web Root
Read Only
Additional as needed Read Only
CF Root
Full
Can be restricted further
/CFIDE
CF
Connector
Read
Read
Write (Logs)
36. File System Permissions
✤ /CFIDE and other directories under CF root can be restricted read
only permission by the cf user to prevent runtime change.
✤ Run CF10/CF11 hotfix installer from command line as administrator.
✤ java -jar {coldfusion-home}cfusionhf-updateshotfix_XXX.jar
37. Update JVM
✤ Update to latest supported JVM (1.8 currently for CF10-11)
✤ Java 1.6 & 1.7 (as of 4/15) no longer supported by Oracle!
✤ Adobe recommends you run the latest supported JVM (eg 1.8.
{highest number}) instead of specific version numbers.
38. Sandbox Security
✤ Disable Unnecessary Risks, eg: cfexecute, cfregistry
✤ More flexible on Enterprise but still works on standard.
39. Session Mechanism
Feature J2EE CF
Configure in Application.cfc No Yes
Token size configurable Yes No
Configure in web.xml Yes No
Interoperates with J2EE applications Yes No
SessionRotate No Yes
SessionInvalidate No Yes
CF10-11/tomcat
41. Tomcat
✤ Shutdown port / password
✤ Changing port on windows causes CF service stop to fail.
✤ Connector settings:
✤ connector secret (have to redo when updating connector)
✤ Tomcat 7 Security Configuration Guide: http://tomcat.apache.org/
tomcat-7.0-doc/security-howto.html
43. ColdFusion Administrator
✤ Default ScriptSrc Directory
✤ Setup an alias so /CFIDE/scripts/ -> /some-folder/
✤ Allows you to block /CFIDE
✤ If you don’t use cfform, cfajaxproxy, etc you can skip.
✤ If you use the builtin web server you need to configure an alias
44. ColdFusion Administrator
✤ Allowed file extensions for CFInclude tag
✤ Mitigates directory traversal / path injection that leads to code
execution attack.
✤ Comma separated list of file extensions that execute, typically can
be set to just cfm