cf.Objective() 2012

Application security is something everyone should be concerned with. However, most tend to not be so concerned. Alternatively, they may think that what they are doing is adequate. But, on the contrary, there is usually not enough security to protect the secured application.

This session will take a look at some common missteps when trying to secure an application. We will take a look at some of the issues surrounding application security and see if they are myth or fact.

Browser-based applications made easy

BlazeDS is a great way to push a simple message from a server to a client. It is typically used to create alerts on a logged in client, or even basic chat messages. But, what if it could be more? What if it could be used to push larger data sets to a client?

In this session we will look into the basics of how BlazeDS works. Once we get that out of the way, we will have some fun exploring other uses. We will look into pushing things like images and html chunks, as well as json data sets to a client. The session will show how easy it can be to create, send and process different types of data. All it takes is the right combination of tools and a little creative thinking.

When there was just a browser the attack vectors on a system were simple. But, with mobile, AIR, and now set top development, the number of vectors is growing. This in itself is not the issue. The problem is that for most applications security is an after thought. If any security is added it is usually to protect form submission.


In this session we will look at the anatomy of an attack. We will dissect an application that was attacked and how it was done. We discuss good and bad practices on what will and will not work when protecting your application. We will look at ways to know you are being attacked as well as how to track an intrusion.

Official group for the ColdFusion Unconference (2010).