Deconstructing ColdFusion

In this video from OWASP AppSec Research 2010, Chris Eng from Veracode provides a practical guide for those doing penetration testing or code reviews on an application written in ColdFusion.

In case you missed it, ProCheckUp were recently able to access every file, including usernames and passwords, from a server running ColdFusion.