About:

Pete Freitag is the author of a blog covering topics such as ColdFusion, Java, web development, and other related subjects.

The blog post discusses the security and permissions model of Claude Code, highlighting its four permission modes and how they can be configured. The author shares insights on managing permissions, including blocking read access t...
Pete Freitag shares his experiences from the Adobe ColdFusion Summit in Las Vegas, where he presented on ColdFusion security vulnerabilities, including AI-related issues like prompt injection. He highlights a humorous incident dur...
Pete Freitag discusses his presentation at the Adobe Developer Week online conference, focusing on security measures for ColdFusion applications. Key topics include various security vulnerabilities such as IDOR, SQL Injection, XSS...
Pete Freitag announces an online ColdFusion developer security training class scheduled for December 9-10, 2025. The class will cover AI security topics, including prompt injection and the OWASP LLM Top 10 list, alongside traditio...
The blog post provides a method for generating a secure six-digit code using Java's SecureRandom class and a similar function in CFML. It explains the importance of using a strong random number generator for security purposes and ...
Pete Freitag announces an online ColdFusion developer security training class scheduled for December 9-10, 2025. The course is designed for developers writing CFML code, regardless of their experience level. It covers various web ...
The recent ColdFusion security hotfix changed searchImplicitScopes defaults, causing developers to fix unscoped variables. The code example demonstrates how the behavior changes when searchImplicitScopes is true or false, potentia...
The author describes a bash script to test a client's rate limiting configuration by sending multiple requests to a URL within a short period of time using curl. The script takes command line arguments for the URL, number of reque...
Fixinator version 6.1.0 has been released with enhancements to CFML code security scanning, including the detection of undefined arguments in remote functions. The update also addresses compatibility issues with the latest ColdFus...
The author gave a talk at the Adobe ColdFusion Summit East conference about securing ColdFusion applications by analyzing the CWE Top 25 list. The list identifies the most dangerous software weaknesses and the presentation discuss...
The text explains the Tomcat vulnerability CVE-2025-24813, and the requirements for the vulnerability. It also provides information on the Tomcat Default Servlet, how to check if writes are enabled for the default servlet, and the...
The author encountered an error while trying to load a -javaagent on Java 21 / ColdFusion 2025 on Windows Server 2022. The error message indicated that it could not find the agent library instrument on the library path. After trou...
Fixinator version 6.0.0 has been released, marking the second release of 2025. It includes ColdFusion 2025 compatibility scanning, updated reporting, improved known JavaScript vulnerability reporting, enterprise version enhancemen...
Adobe released ColdFusion 2025, removing deprecated or unsupported features. Fixinator 6 has a ColdFusion 2025 code compatibility scanner. The post explains breaking changes, such as removal of parameterExists, htmlEditFormat, tag...
The text discusses the stress of upgrading to the latest version of ColdFusion and the nuances to consider, such as changes in date mask characters. It introduces Fixinator's new compatibility scanner, which can search for over 10...
The text is a summary of a presentation at the Adobe ColdFusion Summit in Las Vegas on 20 ways to secure ColdFusion. It covers various topics related to security in ColdFusion, including SQL Injection, authentication, audit loggin...
The text provides information about the latest ColdFusion Security Updates and Hotfixes published by Adobe, including the release dates, vulnerabilities fixed, and links to resources. It also includes details about previous securi...
The left() and right() functions in CFML can accept negative values to remove the beginning or ending of a string. This feature was added to ColdFusion 2018 and works on Lucee going back as far as version 4.5. However, it could ca...
The text discusses the recent Adobe ColdFusion security update that disabled searchImplicitScopes by default, causing issues for developers with unscoped variables. The author introduces Fixinator version 4.1.0, which can find and...
Adobe has published a ColdFusion Security Hotfix APSB24-14 today which describes a critical vulnerability that could lead to arbitrary file system read. A major change was made to how ColdFusion handles unscoped variables. With se...
Last week security researchers from Project Discovery published details on three Lucee vulnerabilities: a Remote Code Execution (RCE) on isDefined, StructGet, Empty functions, an RCE on CF_CLIENT cookie values, and an RCE on REST CF...
The author discusses their experience with DNS over HTTPS, a new standard for accessing DNS records over an encrypted HTTPS connection. They explore the protocol and provide examples of querying DNS records using curl. The author ...
The text explains how to remove the server header in any IIS version, with a focus on IIS 10. It provides detailed instructions for removing the server header at the site level and server-wide level, as well as addressing the Micr...
The text discusses the process of creating and trusting a self-signed certificate in Edge on Windows Server 2022. It explains the limitations of using the IIS Server Certificates button and provides a workaround using PowerShell t...