ColdFusion Security Assessment Tool
Evaluate your ColdFusion 2025 security posture with this interactive assessment tool. Answer the questions below to receive a comprehensive security score and recommendations.
Foundation Security
Are all ColdFusion updates and security patches applied?
Has the Adobe ColdFusion 2025 Lockdown Guide been executed?
Is JDK 17 updated to the latest patch release?
Have unused ColdFusion packages been removed via cfpm?
Are unnecessary services and features disabled?
Are file system permissions properly configured?
Administrator Security
Is ColdFusion Administrator access restricted by IP address?
Has the default administrator URL path been changed?
Are strong passwords (16+ characters) used for admin accounts?
Is multi-factor authentication enabled for admin access?
Is admin session timeout set to 30 minutes or less?
Is admin access restricted to VPN or bastion host only?
Network Security
Is direct access to Tomcat ports blocked from external networks?
Are web server connectors properly secured with secret keys?
Is HTTPS enforced with TLS 1.3 or 1.2?
Are firewall rules configured to allow only necessary ports?
Application Security
Are session cookies configured with Secure and HttpOnly flags?
Is SameSite cookie attribute configured (Strict or Lax)?
Are security headers implemented (CSP, X-Frame-Options, etc.)?
Is comprehensive input validation implemented?
Are parameterized queries used to prevent SQL injection?
Monitoring Security
Is comprehensive security logging enabled?
Are security logs actively monitored with alerting?
Is intrusion detection/prevention (IDS/IPS) configured?
Maintenance Security
Is there a documented patch management process?
Are quarterly security audits performed?
Is annual penetration testing conducted?
Answer all 27 questions to calculate your score.