• "Avoiding Server-Side Request Forgery (SSRF) Vulns in CFML", with Brian Reilly

    We're happy to announce the Online ColdFusion Meetup to be held Thursday Nov 11th at 12pm US Eastern Time, UTC-5.

    Meeting URL: https://www.youtube.com/watch?v=-wu6cRZcRx0&list=PLG2EHzEbhy0-QirMKgSxhjkUyTSSTvHjL

    TOPIC DESCRIPTION: (provided by the speaker)

    Server-Side Request Forgery (SSRF) vulnerabilities allow an attacker to make arbitrary web requests (and in some cases, other protocols too) from the application environment. Exploiting these flaws can lead to leaking sensitive data, accessing internal resources, and under certain circumstances, remote command execution.

    Several ColdFusion/CFML tags and functions can process URLs as file path arguments -- including some tags and and functions that you might not expect. If these tags and functions process unvalidated user-controlled input, this can lead to SSRF vulnerabilities in your applications. In addition to providing a list of affected tags and functions, I'll cover some approaches for identifying and remediating vulnerable code. My goal for this talk is to raise awareness about what may be a security blindspot for some ColdFusion/CFML developers.

    ABOUT THE SPEAKER(s): (provided by the speaker)

    Brian is a security engineer focused on application security, penetration testing, vulnerability research, and offensive services. His professional experience has included work with organizations in the financial services, technology, higher education, and state/local government sectors.

    RECORDINGS:

    All meetings are recorded. As a Youtube live meeting, the URL offered here is the link to the recording as well. But the URL will also be posted after meeting at https://recordings.coldfusionmeetup.com, and via the Youtube playlist (https://www.youtube.com/playlist?list=PLG2EHzEbhy0-QirMKgSxhjkUyTSSTvHjL).

    WANT TO PRESENT?

    We welcome and indeed seek presentations from anyone wishing to speak about any projects regarding or tangentially related to CF. For more, see https://speak.coldfusionmeetup.com.

  • "Migrating apps to ColdFusion 2021 from earlier versions", with Charlie Arehart

    We're happy to announce the Online ColdFusion Meetup to be held Thursday Nov 4th at 12pm US Eastern Time, UTC-4.

    Meeting URL: https://www.youtube.com/watch?v=QQBHnQExFqc&list=PLG2EHzEbhy0-QirMKgSxhjkUyTSSTvHjL

    TOPIC DESCRIPTION: (provided by the speaker)

    While CF2021 has been out now for a year (released in Nov 2020), many orgs may only now be considering moving to it, whether from CF2018 or perhaps CF2016, CF11, CF10, or even earlier. How have the versions changed, in ways that some older code may not run on CF2021? And if you're skipping some CF version/s, what might have tripped you up in those, though not really "new" in CF2021 itself? And what can you do to mitigate such challenges?

    In this session, CF troubleshooter Charlie Arehart will share from his experience helping folks make such migrations the past year (and for years with previous CF versions), whether in his role as an independent consultant or providing assistance to the CF community. He'll cover things you can consider in advance of the migration as well as things that might help during or after the migration. Most important, this talk will focus on the differences between CF2021 and various earlier CF versions. (Note that he has previously given a talk on migrating CF admin settings, and he plans a future talk on some other aspects of migration.)

    ABOUT THE SPEAKER(s): (provided by the speaker)

    A veteran server troubleshooter with over thirty years experience in enterprise IT, Charlie Arehart (@carehart) is a longtime contributor to the CF community and Adobe Community Professional. As an independent consultant, he provides short-term, remote, on-demand troubleshooting/tuning assistance for organizations of all sizes and experience levels (carehart.org/consulting).

    RECORDINGS:

    All meetings are recorded. As a Youtube live meeting, the URL offered here is the link to the recording as well. But the URL will also be posted after meeting at https://recordings.coldfusionmeetup.com, and via the Youtube playlist (https://www.youtube.com/playlist?list=PLG2EHzEbhy0-QirMKgSxhjkUyTSSTvHjL).

    WANT TO PRESENT?

    We welcome and indeed seek presentations from anyone wishing to speak about any projects regarding or tangentially related to CF. For more, see https://speak.coldfusionmeetup.com.

    2
  • Using LaunchDarkly for feature flag management in CF applications, w/ Brad Wood

    We're happy to announce the Online ColdFusion Meetup to be held Thursday Oct 28th at 12pm US Eastern Time, UTC-4.

    Meeting URL: https://www.youtube.com/watch?v=cjboLKvbGDc&list=PLG2EHzEbhy0-QirMKgSxhjkUyTSSTvHjL

    TOPIC DESCRIPTION: (provided by the speaker)

    Feature flags are a system of enabling certain functionality in your app based on test groups, cross-cutting segments of users, and your internal release processes. Feature flags can be updated on the fly at any time by any user and don't require deploying new code to your servers. LaunchDarkly is a system that helps you manage your feature flags and how they respond to the users of your site. It offers detailed tracking of each user, each flag, and a robust set of rules for determining which users see which features. In this session, we'll see an overview of how to use the new LaunchDarkly SDK which can be used in ColdFusion applications. Demos will include both ColdBox apps and non-ColdBox legacy apps.

    ABOUT THE SPEAKER(s): (provided by the speaker)

    Brad grew up in southern Missouri and after high school majored in Computer Science with a music minor at MidAmerica Nazarene University (Olathe, KS). Today he lives in Kansas City with his wife and three girls. Brad enjoys all sorts of international food and the great outdoors.

    Brad has been programming ColdFusion since around 2002 and has used every version of CF since 4.5. He first fell in love with ColdFusion as a way to easily connect a database to his website for dynamic pages. He enjoys configuring and performance tuning high-availability Windows and Linux ColdFusion environments as well as SQL Server

    RECORDINGS:

    All meetings are recorded. As a Youtube live meeting, the URL offered here is the link to the recording as well. But the URL will also be posted after meeting at https://recordings.coldfusionmeetup.com, and via the Youtube playlist (https://www.youtube.com/playlist?list=PLG2EHzEbhy0-QirMKgSxhjkUyTSSTvHjL).

    WANT TO PRESENT?

    We welcome and indeed seek presentations from anyone wishing to speak about any projects regarding or tangentially related to CF. For more, see https://speak.coldfusionmeetup.com.

  • CF Modernization Challenges - Improving Legacy Code, with David Byers

    We're happy to announce the Online ColdFusion Meetup to be held Thursday Jun 17th at 12pm US Eastern Time, UTC-4.

    Meeting URL: https://www.youtube.com/watch?v=uC_f4mEF_00&list=PLG2EHzEbhy0-QirMKgSxhjkUyTSSTvHjL

    TOPIC DESCRIPTION: (provided by the speaker)

    Every ColdFusion developer is a builder and an artist. We want to create and craft beautiful, elegant solutions with CFML that are powerful and dynamic… but sometimes, we still need to deal with the legacy code that was built a decade ago by a developer who has long since left the organization and didn’t know what they were doing to begin with. Or, maybe the company direction has shifted (again) and what was a priority in the past is no longer relevant. Maybe the approach you originally took to a problem can be done cleaner, and more efficiently. Maybe there’s new functionality in ColdFusion that renders old approaches obsolete. At some point, modernization of your approach becomes necessary to retain your sanity!

    In this group therapy session, I will discuss legacy code, why it’s difficult to manage, how to take incremental approaches to improving it and some techniques on how to modernize your development approach.

    ABOUT THE SPEAKER(s): (provided by the speaker)

    David Byers was previously promotions director for a rock radio station, but chose to change careers in the 1990's when he simultaneously got tired of eating Top Ramen, and fell in love with developing websites and web based applications. For over 22 years, he has focused his expertise on the ColdFusion platform, developing software for a multitude of businesses ranging from small mom-and-pop shops to enterprises of over 900 employees. A former ColdFusion User Group manager, he has been a proponent of CFML, and regularly provides content to the ColdFusion Community Portal. Born in Canada, David lives in Las Vegas, Nevada with his wife, three cats, four house bunnies, and two bearded dragons.

    RECORDINGS:

    All meetings are recorded. As a Youtube live meeting, the URL offered here is the link to the recording as well. But the URL will also be posted after meeting at https://recordings.coldfusionmeetup.com, and via the Youtube playlist (https://www.youtube.com/playlist?list=PLG2EHzEbhy0-QirMKgSxhjkUyTSSTvHjL).

    WANT TO PRESENT?

    We welcome and indeed seek presentations from anyone wishing to speak about any projects regarding or tangentially related to CF. For more, see https://speak.coldfusionmeetup.com.

  • Getting Started with FusionReactor, with Brad Wood

    Online event

    We're happy to announce the Online ColdFusion Meetup to be held Thursday Jun 3rd at 12pm US Eastern Time, UTC-4.

    Meeting URL: https://www.youtube.com/watch?v=PWkh2Yig3yQ&list=PLG2EHzEbhy0-QirMKgSxhjkUyTSSTvHjL

    TOPIC DESCRIPTION: (provided by the speaker)

    New to FusionReactor? Perhaps you have a license but aren't sure how to tap into the features? We'll cover the basics of using FR to profile code, view your running and recent requests, and how to tell what is making a request slow. We'll cover tracking JDBC requests, HTTPS calls, and using the Profiler feature. There are many more features in FR, but we'll cover enough to get you started.

    ABOUT THE SPEAKER(s): (provided by the speaker)

    Brad grew up in southern Missouri and after high school majored in Computer Science with a music minor at MidAmerica Nazarene University (Olathe, KS). Today he lives in Kansas City with his wife and three girls. Brad enjoys all sorts of international food and the great outdoors.

    Brad has been programming ColdFusion for 17 years and has used every version of CF since 4.5. He first fell in love with ColdFusion as a way to easily connect a database to his website for dynamic pages. He enjoys configuring and performance tuning high-availability Windows and Linux ColdFusion environments as well as SQL Server.

    RECORDINGS:

    All meetings are recorded. As a Youtube live meeting, the URL offered here is the link to the recording as well. But the URL will also be posted after meeting at https://recordings.coldfusionmeetup.com, and via the Youtube playlist (https://www.youtube.com/playlist?list=PLG2EHzEbhy0-QirMKgSxhjkUyTSSTvHjL).

    WANT TO PRESENT?

    We welcome and indeed seek presentations from anyone wishing to speak about any projects regarding or tangentially related to CF. For more, see https://speak.coldfusionmeetup.com.

  • Installing CF2021: choices, challenges, and solutions, with Charlie Arehart

    We're happy to announce the Online ColdFusion Meetup to be held Thursday Apr 29th at 12pm US Eastern Time, UTC-4.

    Meeting URL: https://www.youtube.com/watch?v=LN0_31YTwp8&list=PLG2EHzEbhy0-QirMKgSxhjkUyTSSTvHjL

    TOPIC DESCRIPTION: (provided by the speaker)

    If you're considering moving to CF2021, there are some things to consider before or as you may install it. First, there’s a new “zip” install option, in addition to the traditional full installer. What’s that about? why should you use it? what are some challenges, and why might you not want to? We'll cover that.

    Second, even with the full installer there are new options and choices, and perhaps it’s been a while since you have installed even other CF versions. We will cover some of the key choices presented.

    We'll also discuss aspects of migrating CF admin settings from an old version to a new, and touch briefly on the pros and cons of installing a new CF version alongside an old one.

    There are certainly other challenges with installing ColdFusion, and we will also open the floor for questions about that and cover whatever else we can in the hour allotted.

    ABOUT THE SPEAKER(s): (provided by the speaker)

    A veteran server troubleshooter with over thirty years experience in enterprise IT, Charlie Arehart (@carehart) is a longtime contributor to the CF community and Adobe Community Professional. As an independent consultant, he provides short-term, remote, on-demand troubleshooting/tuning assistance for organizations of all sizes and experience levels (carehart.org/consulting).

    RECORDINGS:

    All meetings are recorded. As a Youtube live meeting, the URL offered here is the link to the recording as well. But the URL will also be posted after meeting at https://recordings.coldfusionmeetup.com, and via the Youtube playlist (https://www.youtube.com/playlist?list=PLG2EHzEbhy0-QirMKgSxhjkUyTSSTvHjL).

    WANT TO PRESENT?

    We welcome and indeed seek presentations from anyone wishing to speak about any projects regarding or tangentially related to CF. For more, see https://speak.coldfusionmeetup.com.

  • "To the future with cbFutures!", with Luis Majano

    Online event

    We're happy to announce the Online ColdFusion Meetup to be held Thursday Apr 15th at 6pm US Eastern Time, UTC-5.

    * Please note that this is in our evening slot, at the speaker's choice. *

    As in recent sessions, this one will be held via a Youtube livestream (and streamed to it via Streamyard):

    Meeting URL: https://www.youtube.com/watch?v=2pwp6OSl9zI&list=PLG2EHzEbhy0-QirMKgSxhjkUyTSSTvHjL

    TOPIC DESCRIPTION: (provided by the speaker)

    In this session we will explore the asynchronous and parallel programming constructs built into the ColdBox 6 Async Package. Java has supported a robust and functional approach to asynchronous programming since JDK8 and now it is available to us all in the Coldfusion (CFML) ⚡ World! To the future!

    ABOUT THE SPEAKERS: (provided by the speaker)

    Luis Majano is a Computer Engineer with over 15 years of software development and systems architecture experience. He was born in San Salvador, El Salvador in the late 70’s, during a period of economical instability and civil war. He lived in El Salvador until 1995 and then moved to Miami, Florida where he completed his Bachelors of Science in Computer Engineering at Florida International University

    He is the CEO of Ortus Solutions, a consulting firm specializing in web development, ColdFusion (CFML), Java development and all open source professional services under the ColdBox, CommandBox and ContentBox stack. And he is the creator of ColdBox, ContentBox, WireBox, MockBox, LogBox and anything “BOX”, and contributes to many open source projects. You can read his blog at www.luismajano.com

    RECORDINGS:

    All meetings are recorded. The URL will be posted after meeting at https://recordings.coldfusionmeetup.com. In addition to those Adobe Connect streaming recording posted immediately after the meeting, we also post recordings at Youtube usually within a day of the meeting.

    WANT TO PRESENT?

    We welcome and indeed seek presentations from anyone wishing to speak about any projects regarding or tangentially related to CF. For more, see https://speak.coldfusionmeetup.com.

  • "CSS Crash Course for CSS Haters or Novices", with Jessica Keener

    We're happy to announce the Online ColdFusion Meetup to be held Thursday Apr 8th at 12pm US Eastern Time, UTC-4.

    As in recent sessions, this one will be held via a Youtube livestream (and streamed to it via Streamyard):

    Meeting URL: https://www.youtube.com/watch?v=Lx7OqcqAw3Y&list=PLG2EHzEbhy0-QirMKgSxhjkUyTSSTvHjL

    TOPIC DESCRIPTION: (provided by the speaker)

    This class is intended for a complete novice to CSS, or those who know enough to get by but hate everything about it. We will be covering the basics of CSS (including specificity), using preprocessors, as well as several practical best practices to keep you out of CSS hell.

    ABOUT THE SPEAKERS: (provided by the speaker)

    Jessica is a senior software engineer at Inmar, inc. Specializing in front-end architecture, specifically around CSS, she brings over 10 years of full-stack experience to the table. Her current role involves working as part of a polyglot team of engineers working full-stack within an ever-evolving ecosystem of technologies.

    RECORDINGS:

    All meetings are recorded. The URL will be posted after meeting at https://recordings.coldfusionmeetup.com. In addition to those Adobe Connect streaming recording posted immediately after the meeting, we also post recordings at Youtube usually within a day of the meeting.

    WANT TO PRESENT?

    We welcome and indeed seek presentations from anyone wishing to speak about any projects regarding or tangentially related to CF. For more, see https://speak.coldfusionmeetup.com.

  • "ColdFusion 101: Intro for Beginner Devs, Decision Makers, & CEO’s", David Byers

    We're happy to announce the Online ColdFusion Meetup to be held Thursday Mar 11th at 12pm US Eastern Time, UTC-5.

    As in recent sessions, this one will be held via a Youtube livestream (and streamed to it via Streamyard):

    Meeting URL: https://www.youtube.com/watch?v=3dKZ7KEHhAk&list=PLG2EHzEbhy0-QirMKgSxhjkUyTSSTvHjL

    TOPIC DESCRIPTION: (provided by the speaker)

    Every developer's journey has to start somewhere. This session is designed to give new developers and business owners an overview of ColdFusion, and why it's one of the most amazing development languages available. You will learn, from a very broad perspective, the basics of how ColdFusion works, some simple ColdFusion syntax, an overview of the major ColdFusion frameworks, an overview of the developer community and various ColdFusion resources, and some facts and misconceptions.

    This presentation is specifically targeted towards new developers or business owners who have little to no knowledge of ColdFusion.

    ABOUT THE SPEAKERS: (provided by the speaker)

    David Byers has been a developer for over 20 years and is a strong advocate of ColdFusion. He is a storyteller, and active on the ColdFusion Community Portal. He lives in Las Vegas with his wife, three cats and four house bunnies.

    RECORDINGS:

    All meetings are recorded. The URL will be posted after meeting at https://recordings.coldfusionmeetup.com. In addition to those Adobe Connect streaming recording posted immediately after the meeting, we also post recordings at Youtube usually within a day of the meeting.

    WANT TO PRESENT?

    We welcome and indeed seek presentations from anyone wishing to speak about any projects regarding or tangentially related to CF. For more, see https://speak.coldfusionmeetup.com.

  • "The Golden Hammer: Confessions of a Recovering Database Abuser", w/ Shawn Oden

    We're happy to announce the Online ColdFusion Meetup to be held Thursday Feb 25th at 12pm US Eastern Time, UTC-5.

    As in recent sessions, this one will be held via a Youtube livestream (and streamed to it via Streamyard):

    Meeting URL: https://www.youtube.com/watch?v=tq2t6ulM4hY&list=PLG2EHzEbhy0-QirMKgSxhjkUyTSSTvHjL

    TOPIC DESCRIPTION: (provided by the speaker)

    Early in my dev career, I often (unwittingly) abused my systems. My code didn't care about things like databases or networks, as long as the results were right. I had a cfHammer, and I needed to pound out a solution. I never knew I was an anti-pattern.

    ABOUT THE SPEAKERS: (provided by the speaker)

    I'm a code monkey who started life as a pilot. I've primarily worked in ColdFusion and SQL, with a smattering of pretty much whatever I've been asked to do. I'm a self-taught guy, and I constantly find new, shiny things that I want to learn more about. I've been doing both the coder and the SQLer things for a while. I know a thing or two. At least I hope I do.

    RECORDINGS:

    All meetings are recorded. The URL will be posted after meeting at https://recordings.coldfusionmeetup.com. In addition to those Adobe Connect streaming recording posted immediately after the meeting, we also post recordings at Youtube usually within a day of the meeting.

    WANT TO PRESENT?

    We welcome and indeed seek presentations from anyone wishing to speak about any projects regarding or tangentially related to CF. For more, see https://speak.coldfusionmeetup.com.