Adobe® ColdFusion® 10 Server Lockdown Guide
Adobe® ColdFusion® 10 Server Lockdown Guide
Adobe® ColdFusion® 10 Server Lockdown Guide
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Section 7: Patch Management Procedures<br />
Staying up to date with patches is essential to maintaining security on the server. The system<br />
administrator should monitor the vendors security pages for all software in use. Most vendors have a<br />
security mailing list that will notify you by email when vulnerabilities are discovered.<br />
Check the following websites frequently:<br />
Adobe Security Bulletins: http://www.adobe.com/support/security/<br />
Microsoft Security Tech Center: http://technet.microsoft.com/en-us/security/default.aspx<br />
RedHat Security: http://www.redhat.com/security/updates/<br />
Changelog for Apache 2.2 web server: http://www.apache.org/dist/httpd/CHANGES_2.2<br />
To keep updated with ColdFusion <strong>10</strong> updates you can use the server update feature in ColdFusion<br />
administrator. Consider setting up an instance to email you when new updates are released. You<br />
should also consider following http://blogs.coldfusion.com/ which is published by the ColdFusion<br />
engineering team, Shilpi Khariwal’s blog (the Security Czar on the ColdFusion engineering team)<br />
http://www.shilpikhariwal.com and finally third a third party commercial service http://hackmycf.com/<br />
83