We are glad to announce two preconference sessions on the day before ColdFusion Summit 2019. The sessions will be held on September 30th 2019 at The Mirage, Las Vegas. The preconference sessions are Hands-on ColdFusion Security Workshop (Trainer : Pete Freitag) and Going from Zero to 60 with Docker and ColdFusion images (Trainer : Charlie Arehart). Register Now at https://cfsummit.adobeevents.com/preconference/.
Both of the workshops are full day BYOD (bring-your-own-device) hands-on labs and will be a great learning opportunity. Below is a summary of the workshops:
Every web application, no matter who built it, and what technologies are used requires special attention to security. In this full day hands-on workshop you will learn how to find and fix security vulnerabilities in your ColdFusion code.Throughout the day you will be exposed to many different types of vulnerabilities that commonly exist in web applications. We’ll cover the vulnerabilities found in the OWASP Top 10 list, and beyond.
Using a vulnerable CFML web application built for training, you will learn what red flags to look for in the code. Next you will see first hand how attackers may exploit the vulnerabilities. Finally you’ll learn techniques for improving the security of your CFML code. By following along on your laptop, you will develop experience finding, testing, and fixing security vulnerabilities in CFML code.
Have you boarded the Docker train yet, as the new way to run server software? Did you know that Adobe (and others) provide ColdFusion images for CF2018, CF2016, and more? If you didn’t know, you’re not alone. Or maybe you tried working with them, perhaps only dabbling or ran into challenges that discouraged you. Either way, are you aware of the many powerful ways that containers can be used, whether for development, testing, research, or production?
In this day-long session, veteran server troubleshooter Charlie Arehart will guide participants new to the topic in a hands-on introduction to the world of Docker, especially leveraging ColdFusion images from Adobe and others. It’s ok if you’ve still never even used Docker, and it doesn’t matter whether you favor Windows, Linux, or MacOS. We’ll cover some basics and then move quickly to your actually using CF and other images and containers, learning as you go, including tips and techniques that may delight those who’ve worked with Docker for some time (including solving common gotchas, and command-line tips, including alternatives to using that).
Most important we’ll use real-world demos (on your own machine or via a freely available remote service that can be used for demos at the workshop or afterward) to help show WHY containerization is so compelling. We’ll show how easily you can bring up and network together multiple containers (using Docker Compose), including use of different web servers, database servers, caching servers, Redis for external sessions (new in CF2016), CF’s add-on service (for use with its Solr and PDFg features), CF 2018’s PMT and more. We’ll also see the power of easily trying out different VERSIONS of such services, and in various combinations.
Along the way, we’ll learn how to use “volumes” in Docker, which allow us to reuse existing code and data with containers–as well as how to preserve and/or destroy generated information upon restarting instances. And since things don’t always work well, we’ll learn how to troubleshoot containers, beyond just using logs. For many, getting to this level of understanding is enough to open a whole new world of making productive use of containers, whether for development, testing, research, and/or production deployment, including CI/CD.
Finally, we’ll show how easily you can get started in “orchestrating” all these instances, with multiple clustered instances spinning up and down based on demand and being watched with health checks, whether using Docker Swarm and Kubernetes (as well as some alternatives that are growing in popularity). We’ll see especially how we can demonstrate both of those right on your laptop, or again using a free remote service for demonstration–and even if you may ultimately deploy onto some other production server or platform as a service (like AWS, Google Cloud, or Azure. We won’t have time to explore each of those in any depth, but you will see how easily you can move to them if desired.)
Of course, like any IT platform, not everything is perfect when working with Docker and related tools/services, but it’s a constantly evolving topic and toolset. We’ll cover some of the warts that may have plagued past users, whether with Docker and related tools in general or with the CF images in particular, and we’ll see how most such issues have been resolved or may be soon. We’ll also touch on such diverse topics as licensing of CF containers, OS differences regarding containers, image registry alternatives, security matters (including storing sensitive data as container “secrets”), and more.
By the end you’ll have seen how easily you can be working with CF on containers, literally going “from 0 to 60” in just the one day. And along the way you’ll learn of ample resources for learning still more as you wish to expand on topics or get help on your own, whether you prefer slack channels, twitter feeds, mailing lists, docs, online courses, podcasts, videos, free online labs, and more.
(More details, including what software to implement and what containers to obtain in advance, will be provided to participants in the weeks before the workshop.)