Ben Forta's Blog, page 39

GCN has posted a story on the most secure web language based on data from WhiteHat Security in its 2014 Website Security Statistics Report. WhiteHat performed vulnerability assessments of more than 30,000 websites using .NET, Java, ASP, PHP, ColdFusion, and Perl.I was pleased to see the summary that "Risk exposure does not vary widely between languages ... In fact, there was no statistical difference, in terms of the average number of vulnerabilities per slot, between any of the languages in this study." While I have not done the type of analysis performed here, instinctively I agree, the quality of the code written in any specific language has far more of an impact on security than does the language itself.

That said, a couple of interesting ColdFusion specific notes:


The research found far fewer instances of ColdFusion vulnerabilities than it did Java or ASP.NET, which makes perfect sense as there are far fewer ColdFusion servers and applications. That's definitely a Duh! finding.
When looking at "vulnerabilities per slot" (I'd like to better understand how that is defined and measured) ColdFusion ranked best, almost on par with Perl.
But when looking at SQL injection vulnerabilities, ColdFusion ranked worst. I'll go out on a limb here and suggest that this is probably a direct result of how easy ColdFusion makes database integration, and that simplicity often means that developers cut corners (or that less experienced developers end up writing production code).
But most important to me was the finding "that languages that have been around for decades were actually able to keep pace with more modern languages when it came to remediation of some vulnerability classes". As an example, "SQL injection had a 96 percent remediation rate in ColdFusion applications, and every single abuse of functionality vulnerability found in ColdFusion sites was remediated."


Hat tip: Randy Burton.

Adobe Senior Computer Scientist Hans Muller has posted an invaluable article on using HTML and CSS to display an image with a caption. This one is well worth reading.

I love this Adobe Photoshop CC #CreativityForAll video!



And here are some details on how you can get your hands on one of Charlie's exclusive 3D eggs.

With the next major version of ColdFusion now in public beta, the ColdFusion team is hosting a series of online seminars.

Val Head's book, The CSS Animations Pocket Guide, is a wonderful read, one that is highly recommended to anyone experimenting with CSS animations. Val just

Is the official Creative Cloud blog on your newsfeed? As one of the best places to stay on top of product news, events, tutorials, and more, it should be.

I mentioned AIR 13 a few weeks ago (in a post that triggered an interesting comments thread). Well, it's official, AIR 13 is now out and available for download. Here are the release notes.

Adobe Lightroom is now available on iPad. We've posted a detailed Get started with Lightroom mobile tutorial, and Terry White has posted notes and a first look.

While in San Francisco last week, Adobe evangelist Paul Trani wowed me with some of his most recent 3D printed creations (all of which originated in Photoshop CC). Paul has since posted 30 Inspiring Examples of 3D Printing (and included several of his own, including the Adobe logo device holder seen here).

The Adobe Web Platform team has posted details on new canvas features recently made available in WebKit, Chrome and Firefox. To try the examples you'll need a bleeding edge browser (nightly WebKit, daily Chromium, Opera developer or Firefox nightly). But with or without the examples, this is a fascinating read.