ColdFusion Security Assessment Tool

Evaluate your ColdFusion 2025 security posture with this interactive assessment tool. Answer the questions below to receive a comprehensive security score and recommendations.

Foundation Security

Are all ColdFusion updates and security patches applied?

Has the Adobe ColdFusion 2025 Lockdown Guide been executed?

Is JDK 17 updated to the latest patch release?

Have unused ColdFusion packages been removed via cfpm?

Are unnecessary services and features disabled?

Are file system permissions properly configured?

Administrator Security

Is ColdFusion Administrator access restricted by IP address?

Has the default administrator URL path been changed?

Are strong passwords (16+ characters) used for admin accounts?

Is multi-factor authentication enabled for admin access?

Is admin session timeout set to 30 minutes or less?

Is admin access restricted to VPN or bastion host only?

Network Security

Is direct access to Tomcat ports blocked from external networks?

Are web server connectors properly secured with secret keys?

Is HTTPS enforced with TLS 1.3 or 1.2?

Are firewall rules configured to allow only necessary ports?

Application Security

Are session cookies configured with Secure and HttpOnly flags?

Is SameSite cookie attribute configured (Strict or Lax)?

Are security headers implemented (CSP, X-Frame-Options, etc.)?

Is comprehensive input validation implemented?

Are parameterized queries used to prevent SQL injection?

Monitoring Security

Is comprehensive security logging enabled?

Are security logs actively monitored with alerting?

Is intrusion detection/prevention (IDS/IPS) configured?

Maintenance Security

Is there a documented patch management process?

Are quarterly security audits performed?

Is annual penetration testing conducted?

Answer all 27 questions to calculate your score.