+1 to FuseGuard. Implemented this on a site with a *lot* of SQL injection issues. No firewall or similar product is a substitute for well-written code, but putting this in place stopped the hemorrhaging overnight.

+1 to HackMyCF as well. Use this on the main site I support, and I'm very happy with weekly updates (not only tells you what the problem is, but links to how to fix it). No, Pete isn't paying me to say this. :-)

Billy Cravens
bdcrav...@gmail.com

> 5) Employ redundant layers of security (defense in depth), for example
> using a web application firewall, such as the one my company makes
> http://fuseguard.com/ there are other ones that are non specific to CF as
> well.
>
> 6) Use security monitoring and scanning tools, such as a PCI scanner, and
> http://hackmycf.com/ (note HackMyCF is not a PCI scanner, you should still
> use a PCI scanner in addition to HackMyCF, which is highly CF specific).

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354856