Jason Dean

About Jason Dean

Jason is a Web Application Developer with the Minnesota Department of Health, in St. Paul, MN. He has been working in Information Technology for 12 years and is a veteran of the U.S. Coast Guard. He manages a ColdFusion User Group at the MN Department of Health and is a board member of the Twin Cities ColdFusion User Group. He is also a conference speaker, technical writer, and blogger (http://www.12robots.com).

Intro to Intro to Securing CFML Applications 

This presentation will be an introduction to application security and an introduction to securing CFML applications. We will look at what it means for an application to be "secure", we'll discuss several general principles of application security, and we'll look at some of the basic threats against our applications and countermeasures to mitigate the risk of those threats.

We'll look at topics like:
 - What is a "secure" application
 - Principle of least privilege
 - Failing securely
 - Positive security model (white-listing)
 - SQL Injection
 - Cross-Site Scripting